
Pests of all kinds and how to fight them: Virus blocks various virus scanners


01.03.2014, 00:39   #1
Phant0m
 

Hello everyone,
just under a month ago I had a virus / malware on my computer, which meant my desktop would not show up. Whatever I tried did not work (starting explorer.exe via Task Manager, etc.). Well, I was lucky that my computer had automatically created a recovery file just under a week earlier, which I used. Since then the computer, or whatever it is, has been blocking 1. the installation of various malware programs (Malwarebytes, Spybot -> missing files) and also launching them.
Please help.

The log files are attached; maybe they are of some use.

Example:
Attached files
File type: txt aswMBR.txt (1.9 KB, viewed 126 times)
File type: txt Addition.txt (23.9 KB, viewed 123 times)
File type: txt ComboFix.txt (57.5 KB, viewed 116 times)
File type: txt dds.txt (15.0 KB, viewed 115 times)
File type: txt Extras.Txt (71.5 KB, viewed 112 times)
File type: txt FRST.txt (26.6 KB, viewed 114 times)
File type: log hijackthis.log (7.2 KB, viewed 109 times)
File type: txt OTL.Txt (82.2 KB, viewed 127 times)

01.03.2014, 00:42   #2
Phant0m
 

I also found the log file from the ESET online scanner.
Attached files
File type: txt EsetOnlineScanner.txt (1.7 KB, viewed 221 times)

Edited by Phant0m (01.03.2014 at 00:45). Reason: duplicate

05.03.2014, 06:57   #3
schrauber
/// the machine
/// TB trainer
 


Hi,

Please always post logs in the thread. If necessary, split them up and use several posts.
I can't open attachments at work, thanks.

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

05.03.2014, 18:56   #4
Phant0m
 

Avast Online Scanner:
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2014-02-14 20:47:35
-----------------------------
20:47:35.350    OS Version: Windows x64 6.1.7601 Service Pack 1
20:47:35.350    Number of processors: 4 586 0x203
20:47:35.351    ComputerName: PHANT0M  UserName: X
20:47:36.185    Initialize success
20:48:15.859    AVAST engine defs: 14021402
20:48:57.590    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000066
20:48:57.592    Disk 0 Vendor: WDC_WD50 05.0 Size: 476938MB BusType: 3
20:48:57.790    Disk 0 MBR read successfully
20:48:57.793    Disk 0 MBR scan
20:48:57.798    Disk 0 Windows 7 default MBR code
20:48:57.817    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          100 MB offset 2048
20:48:57.835    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       399900 MB offset 206848
20:48:57.866    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        76936 MB offset 819202048
20:48:57.982    Disk 0 scanning C:\Windows\system32\drivers
20:49:12.960    Service scanning
20:49:32.641    Modules scanning
20:49:32.647    Disk 0 trace - called modules:
20:49:32.664    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys 
20:49:32.670    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004340060]
20:49:32.675    3 CLASSPNP.SYS[fffff8800191543f] -> nt!IofCallDriver -> [0xfffffa80037c7560]
20:49:32.680    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\00000066[0xfffffa80037c69c0]
20:49:33.305    AVAST engine scan C:\Windows
20:49:36.310    AVAST engine scan C:\Windows\system32
20:53:05.902    AVAST engine scan C:\Windows\system32\drivers
20:53:18.273    AVAST engine scan C:\Users\X
20:58:44.259    AVAST engine scan C:\ProgramData
20:59:46.351    Scan finished successfully
21:00:00.171    Disk 0 MBR has been saved successfully to "C:\Users\X\Desktop\MBR.dat"
21:00:00.176    The log file has been saved successfully to "C:\Users\X\Desktop\aswMBR.txt"
         
Farbar Scanner Addition:
Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 13-02-2014 01
Ran by X at 2014-02-14 20:32:13
Running from C:\Users\X\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (x32 Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1280 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (x32 Version: 12.0.0.44 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (x32 Version: 11.0.03 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Application Profiles (x32 Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
Battle.net (x32 Version:  - Blizzard Entertainment)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (Version: 4.10 - Piriform)
CDBurnerXP (x32 Version: 4.5.2.4291 - CDBurnerXP)
Counter-Strike: Global Offensive (x32 Version:  - Valve)
Counter-Strike: Source (x32 Version:  - Valve)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (x32 Version: 4.40.2.0131 - DT Soft Ltd)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (x32 Version: 32.0.1700.107 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPU Temp version 1.0 (x32 Version: 1.0 - gputemp.com)
ImgBurn (x32 Version: 2.5.5.0 - LIGHTNING UK!)
Java 7 Update 25 (x32 Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 24 (x32 Version: 6.0.240 - Oracle)
K-Lite Codec Pack (64-bit) v4.5.0 (Version: 4.5.0 - )
Left 4 Dead 2 (x32 Version:  - Valve)
Malwarebytes Anti-Malware version 1.75.0.1300 (x32 Version: 1.75.0.1300 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (x32 Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (x32 Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (x32 Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (x32 Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (x32 Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (x32 Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MotioninJoy Gamepad tool 0.7.1001 (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0 (x86 de) (x32 Version: 27.0 - Mozilla)
Mozilla Maintenance Service (x32 Version: 27.0 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA Drivers (Version: 1.10.57.35 - NVIDIA Corporation)
OpenOffice 4.0.0 (x32 Version: 4.00.9702 - Apache Software Foundation)
Paragon Backup & Recovery™ 2013 Free (x32 Version: 90.00.0003 - Paragon Software)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoScape (x32 Version:  - )
Ralink RT2870 Wireless LAN Card (x32 Version: 1.5.31.0 - Ralink)
Razer Game Booster (x32 Version: 4.1.59.0 - Razer Inc.)
Realtek HDMI Audio Driver for ATI (x32 Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (x32 Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
ROCCAT Pyra Mouse Driver (x32 Version:  - Roccat GmbH)
RocketDock 1.3.5 (x32 Version:  - Punk Software)
Spotify (HKCU Version: 0.9.7.16.g4b197456 - Spotify AB)
Steam (x32 Version: 1.0.0.0 - Valve Corporation)
TL-WN721N/TL-WN722N Driver (x32 Version: 1.0.0 - TP-LINK)
Update for Microsoft .NET Framework 4.5 (KB2805226) (x32 Version: 1 - Microsoft Corporation)
VLC media player 2.0.7 (Version: 2.0.7 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.00 (64-Bit) (Version: 4.00.0 - win.rar GmbH)
Wise Registry Cleaner 7.94 (x32 Version: 7.94 - WiseCleaner.com, Inc.)

==================== Restore Points  =========================

30-01-2014 13:23:00 Geplanter Prüfpunkt
06-02-2014 17:08:10 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-01-26 16:42 - 00450639 ____A C:\Windows\system32\Drivers\etc\hosts

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

Task: {03B8D0BD-2435-4308-8714-1ECEB9B736CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-05] (Adobe Systems Incorporated)
Task: {16A0C00C-8F9A-42C9-9902-BE42809843BB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {58832227-D83B-438B-807F-5952C5AD4125} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10] (Google Inc.)
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {C12C6665-7821-4E3B-802F-8A2B1F816A03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10] (Google Inc.)
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
Task: {F2407C71-7C14-47E4-837F-DCBBAF5B9BB4} - System32\Tasks\DriverEasy Scheduled Scan => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DriverEasy Scheduled Scan.job => C:\Program Files\Easeware\DriverEasy\DriverEasy.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-08-09 19:11 - 2007-09-02 12:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2014-01-25 16:48 - 2013-11-21 20:21 - 01294336 _____ () D:\Games\League of Legends\RADS\system\rads_user_kernel.exe
2014-01-25 16:48 - 2014-02-05 22:43 - 05312352 _____ () D:\Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.199\deploy\LoLLauncher.exe
2014-01-25 16:48 - 2014-01-17 23:02 - 00074752 _____ () D:\Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.71\deploy\LolClient.exe
2013-08-09 19:11 - 2007-09-02 12:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2013-09-01 22:06 - 2009-10-31 06:13 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Pyra Mouse\hiddriver.dll
2014-02-06 23:19 - 2014-02-06 23:19 - 03583600 _____ () C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
2014-01-25 16:48 - 2014-02-05 22:43 - 00192864 _____ () D:\Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.199\deploy\RiotLauncher.dll
2014-02-05 23:26 - 2014-02-05 23:26 - 16287624 _____ () C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RalinkRegistryWriter64 => 2
MSCONFIG\Services: RaMediaServer => 2
MSCONFIG\Services: RzKLService => 2
MSCONFIG\Services: SplashtopRemoteService => 2
MSCONFIG\Services: SSUService => 2
MSCONFIG\Services: Update outobox => 2
MSCONFIG\startupreg: Spotify => "C:\Users\X\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\X\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/14/2014 08:18:50 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 03:14:49 AM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: League of Legends.exe, Version: 4.2.0.2718, Zeitstempel: 0x52f5b14e
Name des fehlerhaften Moduls: cgD3D9.dll, Version: 3.0.0.16, Zeitstempel: 0x4d55a06f
Ausnahmecode: 0xc0000005
Fehleroffset: 0x000b6539
ID des fehlerhaften Prozesses: 0xe34
Startzeit der fehlerhaften Anwendung: 0xLeague of Legends.exe0
Pfad der fehlerhaften Anwendung: League of Legends.exe1
Pfad des fehlerhaften Moduls: League of Legends.exe2
Berichtskennung: League of Legends.exe3

Error: (02/12/2014 11:10:28 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 07:53:39 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 07:39:13 AM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 07:14:11 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 11:16:01 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.75.0.1, Zeitstempel: 0x511f8eb2
Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676, Zeitstempel: 0x4e58702a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001604c
ID des fehlerhaften Prozesses: 0xdc4
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (02/09/2014 11:16:00 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 11:09:37 PM) (Source: Application Error) (User: )
Description: Name der fehlerhaften Anwendung: mbam.exe, Version: 1.75.0.1, Zeitstempel: 0x511f8eb2
Name des fehlerhaften Moduls: OLEAUT32.dll, Version: 6.1.7601.17676, Zeitstempel: 0x4e58702a
Ausnahmecode: 0xc0000005
Fehleroffset: 0x0001604c
ID des fehlerhaften Prozesses: 0x1100
Startzeit der fehlerhaften Anwendung: 0xmbam.exe0
Pfad der fehlerhaften Anwendung: mbam.exe1
Pfad des fehlerhaften Moduls: mbam.exe2
Berichtskennung: mbam.exe3

Error: (02/09/2014 04:08:53 PM) (Source: WinMgmt) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (02/13/2014 03:23:14 AM) (Source: Microsoft-Windows-HAL) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (02/08/2014 07:49:09 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (02/04/2014 07:07:20 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt: Neustart des Diensts.

Error: (02/04/2014 06:34:16 PM) (Source: Microsoft-Windows-HAL) (User: )
Description: Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist.

Error: (01/29/2014 11:56:07 AM) (Source: volsnap) (User: )
Description: Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error: (01/28/2014 00:50:46 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎28.‎01.‎2014 um 12:41:46 unerwartet heruntergefahren.

Error: (01/27/2014 09:28:46 PM) (Source: EventLog) (User: )
Description: Das System wurde zuvor am ‎27.‎01.‎2014 um 21:26:53 unerwartet heruntergefahren.

Error: (01/26/2014 08:05:30 PM) (Source: DCOM) (User: )
Description: {995C996E-D918-4A8C-A302-45719A6F4EA7}

Error: (01/26/2014 07:52:49 PM) (Source: DCOM) (User: )
Description: 1084WSearch{9E175B6D-F52A-11D8-B9A5-505054503030}

Error: (01/26/2014 07:52:36 PM) (Source: Service Control Manager) (User: )
Description: Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: 
%%1068


Microsoft Office Sessions:
=========================
Error: (02/14/2014 08:18:50 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/13/2014 03:14:49 AM) (Source: Application Error)(User: )
Description: League of Legends.exe4.2.0.271852f5b14ecgD3D9.dll3.0.0.164d55a06fc0000005000b6539e3401cf286144d8a060D:\Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.7\deploy\League of Legends.exeD:\Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.7\deploy\cgD3D9.dll9d4511c0-9454-11e3-8d0e-00241d699e74

Error: (02/12/2014 11:10:28 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 07:53:39 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/11/2014 07:39:13 AM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/10/2014 07:14:11 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 11:16:01 PM) (Source: Application Error)(User: )
Description: mbam.exe1.75.0.1511f8eb2OLEAUT32.dll6.1.7601.176764e58702ac00000050001604cdc401cf25e47e0e8630C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\syswow64\OLEAUT32.dllc18ffc90-91d7-11e3-b96b-00241d699e74

Error: (02/09/2014 11:16:00 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (02/09/2014 11:09:37 PM) (Source: Application Error)(User: )
Description: mbam.exe1.75.0.1511f8eb2OLEAUT32.dll6.1.7601.176764e58702ac00000050001604c110001cf25e39c3318c0C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exeC:\Windows\syswow64\OLEAUT32.dlldcdec270-91d6-11e3-9836-00241d699e74

Error: (02/09/2014 04:08:53 PM) (Source: WinMgmt)(User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Percentage of memory in use: 46%
Total physical RAM: 4095.55 MB
Available physical RAM: 2200.7 MB
Total Pagefile: 8189.29 MB
Available Pagefile: 5864 MB
Total Virtual: 8192 MB
Available Virtual: 8191.8 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:75.13 GB) (Free:38.52 GB) NTFS
Drive d: () (Fixed) (Total:390.53 GB) (Free:239.4 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 000B0D4E)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=391 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=75 GB) - (Type=07 NTFS)

==================== End Of Log ============================
         

05.03.2014, 18:58   #5
Phant0m
 

Combofix:
Code:
ComboFix 14-02-20.01 - X 22.02.2014   7:40.1.4 - x64
Microsoft Windows 7 eXtreme™ Draconis Edition   6.1.7601.1.1252.49.1031.18.4096.2106 [GMT 1:00]
ausgeführt von:: c:\users\X\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\X\AppData\Roaming\dclogs
c:\users\X\AppData\Roaming\dclogs\2014-01-25-7.dc
c:\users\X\AppData\Roaming\dclogs\2014-01-26-1.dc
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2014-01-22 bis 2014-02-22  ))))))))))))))))))))))))))))))
.
.
2014-02-20 15:08 . 2014-02-20 15:08	--------	d-----w-	c:\program files (x86)\ESET
2014-02-17 21:32 . 2014-02-17 21:32	--------	d-----w-	c:\users\X\AppData\Roaming\Malwarebytes
2014-02-17 21:29 . 2014-02-17 21:32	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2014-02-17 21:29 . 2013-04-04 13:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2014-02-14 19:31 . 2014-02-14 19:32	--------	d-----w-	C:\FRST
2014-02-12 23:41 . 2014-02-13 00:14	--------	d-----w-	c:\users\X\AppData\Roaming\TeamViewer
2014-01-30 22:31 . 2014-01-30 22:31	--------	d-----w-	C:\output
2014-01-27 20:58 . 2014-02-06 20:20	--------	d-----w-	c:\users\X\AppData\Local\Spotify
2014-01-27 20:56 . 2014-02-22 06:38	--------	d-----w-	c:\users\X\AppData\Roaming\Spotify
2014-01-26 20:54 . 2014-01-26 20:54	--------	d-----w-	c:\users\X\AppData\Roaming\ASCOMP Software
2014-01-26 20:40 . 2014-01-27 21:52	--------	d-----w-	c:\users\X\AppData\Local\ElevatedDiagnostics
2014-01-26 19:30 . 2014-01-26 19:30	--------	d-----w-	c:\programdata\backup
2014-01-26 19:30 . 2014-01-26 19:30	--------	d-----w-	c:\programdata\launcher
2014-01-26 19:30 . 2014-01-26 19:30	--------	d-----w-	c:\programdata\explauncher
2014-01-26 19:24 . 2014-01-26 19:24	--------	d-----w-	c:\program files (x86)\Paragon Software
2014-01-26 18:24 . 2014-01-26 18:24	--------	d-----w-	c:\users\X\AppData\Roaming\Simply Super Software
2014-01-26 18:23 . 2014-01-26 19:01	--------	d-----w-	c:\program files (x86)\Trojan Remover
2014-01-26 18:23 . 2014-01-26 18:23	--------	d-----w-	c:\programdata\Simply Super Software
2014-01-26 18:23 . 2014-01-26 19:01	--------	d-----w-	c:\program files (x86)\TrojanHunter 5.5
2014-01-26 18:23 . 2014-01-26 18:23	--------	d-----w-	c:\programdata\TrojanHunter
2014-01-26 16:58 . 2014-01-26 17:02	--------	d-----w-	C:\AdwCleaner
2014-01-26 16:43 . 2014-01-26 16:43	--------	d-----w-	c:\program files\Lavasoft
2014-01-26 16:43 . 2014-01-26 16:43	--------	d-----w-	c:\users\X\AppData\Roaming\Lavasoft
2014-01-26 16:42 . 2014-01-26 16:42	--------	d-----w-	c:\program files\Common Files\Lavasoft
2014-01-26 16:40 . 2014-01-26 16:40	--------	d-----w-	c:\programdata\Lavasoft
2014-01-26 16:38 . 2014-01-26 19:01	--------	d-----w-	c:\programdata\Spyware Terminator
2014-01-26 16:38 . 2014-01-26 16:38	--------	d-----w-	c:\users\X\AppData\Roaming\Spyware Terminator
2014-01-26 16:38 . 2014-01-26 19:01	--------	d-----w-	c:\program files (x86)\Spyware Terminator
2014-01-26 16:05 . 2014-01-26 16:05	--------	d-----w-	c:\users\X\AppData\Roaming\SUPERAntiSpyware.com
2014-01-26 16:05 . 2014-01-26 16:05	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2014-01-26 15:29 . 2014-01-26 19:01	--------	d-----w-	c:\programdata\Spybot - Search & Destroy
2014-01-26 15:29 . 2014-01-26 19:01	--------	d-----w-	c:\program files (x86)\Spybot - Search & Destroy 2
2014-01-26 14:44 . 2014-01-26 19:01	--------	d-----w-	C:\NTKernel
2014-01-26 14:06 . 2014-01-26 19:01	--------	d-sh--w-	c:\programdata\h65guhb
2014-01-26 14:06 . 2014-01-26 14:06	--------	d-sh--r-	c:\users\X\AppData\Roaming\Microsoft Fx
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2014-02-21 07:26 . 2013-09-02 18:23	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-21 07:26 . 2013-09-02 18:23	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2014-01-02 12:51 . 2014-01-02 12:51	53248	----a-r-	c:\users\X\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2013-12-06 22:07 . 2013-12-06 22:07	78432	----a-w-	c:\windows\system32\atimpc64.dll
2013-12-06 22:07 . 2013-12-06 22:07	78432	----a-w-	c:\windows\system32\amdpcom64.dll
2013-12-06 22:07 . 2013-12-06 22:07	71704	----a-w-	c:\windows\SysWow64\atimpc32.dll
2013-12-06 22:07 . 2013-12-06 22:07	71704	----a-w-	c:\windows\SysWow64\amdpcom32.dll
2013-12-06 22:04 . 2013-03-29 02:37	143304	----a-w-	c:\windows\system32\atiuxp64.dll
2013-12-06 22:03 . 2013-03-29 02:37	126336	----a-w-	c:\windows\SysWow64\atiuxpag.dll
2013-12-06 22:03 . 2013-12-06 22:03	115512	----a-w-	c:\windows\system32\atiu9p64.dll
2013-12-06 22:02 . 2013-03-29 02:37	98496	----a-w-	c:\windows\SysWow64\atiu9pag.dll
2013-12-06 22:01 . 2013-03-29 02:37	1318552	----a-w-	c:\windows\system32\aticfx64.dll
2013-12-06 22:01 . 2013-03-29 02:37	1100216	----a-w-	c:\windows\SysWow64\aticfx32.dll
2013-12-06 22:00 . 2013-03-29 02:36	9753752	----a-w-	c:\windows\system32\atidxx64.dll
2013-12-06 21:59 . 2013-03-29 02:36	8406024	----a-w-	c:\windows\SysWow64\atidxx32.dll
2013-12-06 21:59 . 2013-03-29 02:36	8287008	----a-w-	c:\windows\SysWow64\atiumdva.dll
2013-12-06 21:58 . 2013-03-29 02:36	6630232	----a-w-	c:\windows\SysWow64\atiumdag.dll
2013-12-06 21:57 . 2013-12-06 21:57	8927704	----a-w-	c:\windows\system32\atiumd6a.dll
2013-12-06 21:56 . 2013-12-06 21:56	7751920	----a-w-	c:\windows\system32\atiumd64.dll
2013-12-06 21:52 . 2013-12-06 21:52	13207552	----a-w-	c:\windows\system32\drivers\atikmdag.sys
2013-12-06 21:38 . 2013-12-06 21:38	230912	----a-w-	c:\windows\system32\clinfo.exe
2013-12-06 21:38 . 2013-12-06 21:38	99840	----a-w-	c:\windows\system32\OpenVideo64.dll
2013-12-06 21:38 . 2013-12-06 21:38	83968	----a-w-	c:\windows\SysWow64\OpenVideo.dll
2013-12-06 21:38 . 2013-12-06 21:38	86528	----a-w-	c:\windows\system32\OVDecode64.dll
2013-12-06 21:38 . 2013-12-06 21:38	73728	----a-w-	c:\windows\SysWow64\OVDecode.dll
2013-12-06 21:37 . 2013-12-06 21:37	29382144	----a-w-	c:\windows\system32\amdocl64.dll
2013-12-06 21:35 . 2013-12-06 21:35	24860160	----a-w-	c:\windows\SysWow64\amdocl.dll
2013-12-06 21:33 . 2013-12-06 21:33	63488	----a-w-	c:\windows\system32\OpenCL.dll
2013-12-06 21:33 . 2013-12-06 21:33	57344	----a-w-	c:\windows\SysWow64\OpenCL.dll
2013-12-06 21:26 . 2013-12-06 21:26	129536	----a-w-	c:\windows\system32\coinst_13.251.dll
2013-12-06 21:16 . 2013-12-06 21:16	26352128	----a-w-	c:\windows\system32\atio6axx.dll
2013-12-06 21:13 . 2013-12-06 21:13	368640	----a-w-	c:\windows\system32\atiapfxx.exe
2013-12-06 21:12 . 2013-12-06 21:12	62464	----a-w-	c:\windows\system32\aticalrt64.dll
2013-12-06 21:12 . 2013-12-06 21:12	52224	----a-w-	c:\windows\SysWow64\aticalrt.dll
2013-12-06 21:12 . 2013-12-06 21:12	55808	----a-w-	c:\windows\system32\aticalcl64.dll
2013-12-06 21:12 . 2013-12-06 21:12	49152	----a-w-	c:\windows\SysWow64\aticalcl.dll
2013-12-06 21:12 . 2013-12-06 21:12	15716352	----a-w-	c:\windows\system32\aticaldd64.dll
2013-12-06 21:09 . 2013-12-06 21:09	14302208	----a-w-	c:\windows\SysWow64\aticaldd.dll
2013-12-06 20:58 . 2013-12-06 20:58	22157824	----a-w-	c:\windows\SysWow64\atioglxx.dll
2013-12-06 20:53 . 2013-12-06 20:53	442368	----a-w-	c:\windows\system32\atidemgy.dll
2013-12-06 20:53 . 2013-12-06 20:53	31232	----a-w-	c:\windows\system32\atimuixx.dll
2013-12-06 20:53 . 2013-12-06 20:53	588288	----a-w-	c:\windows\system32\atieclxx.exe
2013-12-06 20:52 . 2013-12-06 20:52	239616	----a-w-	c:\windows\system32\atiesrxx.exe
2013-12-06 20:50 . 2013-12-06 20:50	190976	----a-w-	c:\windows\system32\atitmm64.dll
2013-12-06 20:22 . 2013-12-06 20:22	1144320	----a-w-	c:\windows\system32\atiadlxx.dll
2013-12-06 20:22 . 2013-12-06 20:22	825344	----a-w-	c:\windows\SysWow64\atiadlxy.dll
2013-12-06 20:22 . 2013-12-06 20:22	74752	----a-w-	c:\windows\system32\atig6pxx.dll
2013-12-06 20:22 . 2013-12-06 20:22	69632	----a-w-	c:\windows\SysWow64\atiglpxx.dll
2013-12-06 20:22 . 2013-12-06 20:22	69632	----a-w-	c:\windows\system32\atiglpxx.dll
2013-12-06 20:22 . 2013-12-06 20:22	100352	----a-w-	c:\windows\system32\atig6txx.dll
2013-12-06 20:21 . 2013-12-06 20:21	96768	----a-w-	c:\windows\SysWow64\atigktxx.dll
2013-12-06 20:21 . 2013-12-06 20:21	626176	----a-w-	c:\windows\system32\drivers\atikmpag.sys
2013-12-06 20:18 . 2013-12-06 20:18	43520	----a-w-	c:\windows\system32\drivers\ati2erec.dll
2013-12-06 15:49 . 2013-12-06 15:49	51200	----a-w-	c:\windows\system32\kdbsdk64.dll
2013-12-06 15:44 . 2013-12-06 15:44	38912	----a-w-	c:\windows\SysWow64\kdbsdk32.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"Spotify Web Helper"="c:\users\X\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2014-02-16 1171968]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"ROCCAT Pyra Mouse"="c:\program files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.EXE" [2010-09-07 532480]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" [2013-12-06 766208]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2011-01-20 1305408]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
.
[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoResolveTrack"= 1 (0x1)
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys;c:\windows\SYSNATIVE\DRIVERS\athurx.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys;c:\windows\SYSNATIVE\drivers\mbam.sys [x]
R3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;c:\windows\system32\DRIVERS\MijXfilt.sys;c:\windows\SYSNATIVE\DRIVERS\MijXfilt.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys;c:\windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys;c:\windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys;c:\windows\SYSNATIVE\drivers\terminpt.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys;c:\windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys;c:\windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R4 RalinkRegistryWriter64;RalinkRegistryWriter64;c:\program files (x86)\Ralink\Common\RaRegistry64.exe;c:\program files (x86)\Ralink\Common\RaRegistry64.exe [x]
R4 RaMediaServer;Ralink UPnP Media Server;c:\program files (x86)\Ralink\Common\RaMediaServer.exe;c:\program files (x86)\Ralink\Common\RaMediaServer.exe [x]
R4 RzKLService;RzKLService;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe;c:\program files (x86)\Razer\Razer Game Booster\RzKLService.exe [x]
S1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys;c:\windows\SYSNATIVE\Drivers\uim_vimx64.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
S2 AODDriver4.2.0;AODDriver4.2.0;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys;c:\windows\SYSNATIVE\DRIVERS\dtsoftbus01.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2014-02-21 07:17	1150280	----a-w-	c:\program files (x86)\Google\Chrome\Application\33.0.1750.117\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2014-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-09-02 07:26]
.
2014-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10 14:52]
.
2014-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10 14:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2013-10-18 13657304]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 62.109.121.1 62.109.121.2
FF - ProfilePath - c:\users\X\AppData\Roaming\Mozilla\Firefox\Profiles\9aws0x8x.default\
FF - user.js: extensions.shownSelectionUI - true
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\.Default\Software\Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0005-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_05"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_06"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_06"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0006-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_06"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_07"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_07"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0007-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_07"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_08"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_08"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0008-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_08"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_09"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_09"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0009-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_09"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_10"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_10"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_10"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_11"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_11"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0011-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_11"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_12"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_12"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0012-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_12"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_13"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_13"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0013-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_13"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_14"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_14"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0014-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_14"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_15"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_15"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0015-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_15"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_16"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_16"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0016-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_16"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_17"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_17"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0017-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_17"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_18"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_18"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0018-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_18"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_19"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_19"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0019-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_19"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_20"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_20"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0020-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_20"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_21"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_21"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0021-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_21"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_22"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_22"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0022-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_22"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_23"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_23"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0023-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_23"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_24"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_24"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0024-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_24"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_25"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_25"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0025-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_25"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_26"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_26"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0026-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_26"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_27"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_27"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0027-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_27"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_28"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_28"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0028-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_28"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_29"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_29"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0029-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_29"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_30"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_30"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-0030-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0_30"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0015-0000-FFFF-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.5.0"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_01"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_01"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_01"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_02"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_02"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_02"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_03"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_03"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_03"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_04"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_04"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0004-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_04"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_05"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_05"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_05"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_06"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_06"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0006-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_06"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_07"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_07"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_07"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_08"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_08"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0008-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_08"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_09"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_09"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0009-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_09"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_10"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_10"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_10"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_11"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_11"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_11"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_12"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_12"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_12"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_13"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_13"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_13"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_14"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_14"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_14"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_15"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_15"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_15"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_16"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_16"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_16"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_17"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_17"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_17"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_18"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_18"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0018-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_18"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_19"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_19"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0019-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_19"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_20"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_20"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_20"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_21"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_21"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_21"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_22"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_22"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_22"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_23"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_23"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_23"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_24"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBB}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_24"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBC}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0_24"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{CAFEEFAC-0016-0000-FFFF-ABCDEFFEDCBA}]
@DACL=(02 0000)
@="Java Plug-in 1.6.0"
.
[HKEY_USERS\.Default\Software\Classes\CLSID\{E19F9331-3110-11D4-991C-005004D3B3DB}]
@DACL=(02 0000)
@="Java Plug-in 1.3.0_02"
.
[HKEY_USERS\S-1-5-21-1637580094-1292609826-1814546496-1001_Classes\CLSID]
@DACL=(02 0000)
.
[HKEY_USERS\S-1-5-21-1637580094-1292609826-1814546496-1001_Classes\CLSID\{01E9FAE9-3819-4dd9-B1D9-998A1C62D1F8}]
@DACL=(02 0000)
@="TechnoBaseFMGadget.TechnoBaseFMService"
.
[HKEY_USERS\S-1-5-21-1637580094-1292609826-1814546496-1001_Classes\CLSID\{07474513-7B58-45c7-B3E6-13A3669B1AFD}]
@DACL=(02 0000)
@="IntelDTSReader.IntelDTS"
.
[HKEY_USERS\S-1-5-21-1637580094-1292609826-1814546496-1001_Classes\CLSID\{97D17A04-4438-4C8E-BAC7-BC21B8B9E999}]
@DACL=(02 0000)
@="GPUStatusReader.GPUMonitor"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2014-02-22  07:52:31 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2014-02-22 06:52
.
Vor Suchlauf: 11 Verzeichnis(se), 41.743.728.640 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 41.447.178.240 Bytes frei
.
- - End Of File - - EB19A95C759FC2831EF767D411B24CC5
A36C5E4F47E84449FF07ED3517B43A31
         
DDS:
Code:
DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 10.0.9200.16660  BrowserJavaVersion: 10.25.2
Run by X at 21:19:46 on 2014-02-13
Microsoft Windows 7 eXtreme™ Draconis Edition   6.1.7601.1.1252.49.1031.18.4096.1967 [GMT 1:00]
.
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\WLANExt.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Users\X\AppData\Roaming\Spotify\spotify.exe
D:\Games\League of Legends\RADS\system\rads_user_kernel.exe
D:\Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.199\deploy\LoLLauncher.exe
D:\Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.71\deploy\LolClient.exe
D:\Programme\TS3\ts3client_win64.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
D:\Games\Steam\Steam.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
mWinlogon: Userinit = userinit.exe,
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Microsoft-Konto-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
uRun: [Spotify Web Helper] "C:\Users\X\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
mRun: [ROCCAT Pyra Mouse] "C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.EXE"
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
mRunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe /install /silent
dRun: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-System: EnableLUA = dword:0
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:0
mPolicies-System: EnableInstallerDetection = dword:0
mPolicies-Explorer: NoResolveTrack = dword:1
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
TCP: NameServer = 62.109.121.2 62.109.121.1
TCP: Interfaces\{92CEFB1F-EAA3-4CE4-9A0C-FF565103168C} : DHCPNameServer = 62.109.121.2 62.109.121.1
TCP: Interfaces\{92CEFB1F-EAA3-4CE4-9A0C-FF565103168C}\4505D2C494E4B4F5243454035303 : DHCPNameServer = 192.168.1.1
TCP: Interfaces\{A6A388E7-5283-499D-B51C-921B8A671935} : DHCPNameServer = 62.109.121.2 62.109.121.1
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\32.0.1700.107\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-STS: Windows DreamScene - {E31004D1-A431-41B8-826F-E902F9D95C81} - C:\Windows\System32\DreamScene.dll
Hosts: 127.0.0.1	www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\9aws0x8x.default\
FF - plugin: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
---- FIREFOX POLICIES ----
.
FF - user.js: extensions.shownSelectionUI - true
.
.
.
.
.
============= SERVICES / DRIVERS ===============
.
R1 Uim_VIM;UIM Virtual Image Plugin;C:\Windows\System32\drivers\uim_vimx64.sys [2013-3-15 390352]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2013-12-6 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2013-12-6 344064]
R2 AODDriver4.2.0;AODDriver4.2.0;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2013-9-19 59648]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2013-9-24 94208]
R3 dtsoftbus01;DAEMON Tools Virtual Bus Driver;C:\Windows\System32\drivers\dtsoftbus01.sys [2013-8-9 254528]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2012-7-9 104912]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2012-7-8 123856]
S3 athur;Wireless Network Adapter Service;C:\Windows\System32\drivers\athurx.sys [2013-9-2 1930240]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 MotioninJoyXFilter;MotioninJoy Virtual Xinput device Filter Driver;C:\Windows\System32\drivers\MijXfilt.sys [2013-12-26 121416]
S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\System32\drivers\rdpvideominiport.sys [2010-11-21 20992]
S3 Synth3dVsc;Synth3dVsc;C:\Windows\System32\drivers\Synth3dVsc.sys [2010-11-21 88960]
S3 terminpt;Microsoft Remote Desktop Input Driver;C:\Windows\System32\drivers\terminpt.sys [2010-11-21 34816]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
S3 tsusbhub;tsusbhub;C:\Windows\System32\drivers\tsusbhub.sys [2010-11-21 117248]
S4 RalinkRegistryWriter;RalinkRegistryWriter;C:\Program Files (x86)\Ralink\Common\RaRegistry.exe [2014-1-2 391472]
S4 RalinkRegistryWriter64;RalinkRegistryWriter64;C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe [2014-1-2 452912]
S4 RaMediaServer;Ralink UPnP Media Server;C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [2014-1-2 1863680]
S4 RzKLService;RzKLService;C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [2014-1-8 105448]
.
=============== Created Last 30 ================
.
2014-02-13 00:43:18	25928	----a-w-	C:\Windows\System32\drivers\mbam.sys
2014-02-13 00:43:18	--------	d-----w-	C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-12 23:41:12	--------	d-----w-	C:\Users\X\AppData\Roaming\TeamViewer
2014-02-09 22:15:47	--------	d-----w-	C:\Users\X\AppData\Roaming\Malwarebytes
2014-01-30 22:31:27	--------	d-----w-	C:\output
2014-01-27 20:58:02	--------	d-----w-	C:\Users\X\AppData\Local\Spotify
2014-01-27 20:56:53	--------	d-----w-	C:\Users\X\AppData\Roaming\Spotify
2014-01-26 20:54:59	--------	d-----w-	C:\Users\X\AppData\Roaming\ASCOMP Software
2014-01-26 20:40:32	--------	d-----w-	C:\Users\X\AppData\Local\ElevatedDiagnostics
2014-01-26 19:30:35	--------	d-----w-	C:\ProgramData\backup
2014-01-26 19:30:19	--------	d-----w-	C:\ProgramData\launcher
2014-01-26 19:30:19	--------	d-----w-	C:\ProgramData\explauncher
2014-01-26 19:24:38	--------	d-----w-	C:\Program Files (x86)\Paragon Software
2014-01-26 18:24:09	--------	d-----w-	C:\Users\X\AppData\Roaming\Simply Super Software
2014-01-26 18:23:39	--------	d-----w-	C:\ProgramData\Simply Super Software
2014-01-26 18:23:39	--------	d-----w-	C:\Program Files (x86)\Trojan Remover
2014-01-26 18:23:22	--------	d-----w-	C:\ProgramData\TrojanHunter
2014-01-26 18:23:22	--------	d-----w-	C:\Program Files (x86)\TrojanHunter 5.5
2014-01-26 16:58:27	--------	d-----w-	C:\AdwCleaner
2014-01-26 16:43:29	--------	d-----w-	C:\Program Files\Lavasoft
2014-01-26 16:42:40	--------	d-----w-	C:\Program Files\Common Files\Lavasoft
2014-01-26 16:38:44	--------	d-----w-	C:\Users\X\AppData\Roaming\Spyware Terminator
2014-01-26 16:38:44	--------	d-----w-	C:\ProgramData\Spyware Terminator
2014-01-26 16:38:41	--------	d-----w-	C:\Program Files (x86)\Spyware Terminator
2014-01-26 16:05:34	--------	d-----w-	C:\Users\X\AppData\Roaming\SUPERAntiSpyware.com
2014-01-26 16:05:26	--------	d-----w-	C:\ProgramData\SUPERAntiSpyware.com
2014-01-26 16:05:26	--------	d-----w-	C:\Program Files\SUPERAntiSpyware
2014-01-26 15:29:39	--------	d-----w-	C:\ProgramData\Spybot - Search & Destroy
2014-01-26 15:29:35	--------	d-----w-	C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-26 14:44:39	--------	d--h--w-	C:\NTKernel
2014-01-26 14:06:59	--------	d-sh--w-	C:\ProgramData\h65guhb
2014-01-26 14:06:59	--------	d-sh--r-	C:\Users\X\AppData\Roaming\Microsoft Fx
2014-01-25 14:20:05	--------	d-----w-	C:\Users\X\AppData\Roaming\dclogs
.
==================== Find3M  ====================
.
2014-02-05 22:26:08	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2014-02-05 22:26:08	692616	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-12-06 22:07:36	78432	----a-w-	C:\Windows\System32\atimpc64.dll
2013-12-06 22:07:36	78432	----a-w-	C:\Windows\System32\amdpcom64.dll
2013-12-06 22:07:14	71704	----a-w-	C:\Windows\SysWow64\atimpc32.dll
2013-12-06 22:07:14	71704	----a-w-	C:\Windows\SysWow64\amdpcom32.dll
2013-12-06 22:04:10	143304	----a-w-	C:\Windows\System32\atiuxp64.dll
2013-12-06 22:03:46	126336	----a-w-	C:\Windows\SysWow64\atiuxpag.dll
2013-12-06 22:03:00	115512	----a-w-	C:\Windows\System32\atiu9p64.dll
2013-12-06 22:02:38	98496	----a-w-	C:\Windows\SysWow64\atiu9pag.dll
2013-12-06 22:01:52	1318552	----a-w-	C:\Windows\System32\aticfx64.dll
2013-12-06 22:01:04	1100216	----a-w-	C:\Windows\SysWow64\aticfx32.dll
2013-12-06 22:00:16	9753752	----a-w-	C:\Windows\System32\atidxx64.dll
2013-12-06 21:59:50	8406024	----a-w-	C:\Windows\SysWow64\atidxx32.dll
2013-12-06 21:59:00	8287008	----a-w-	C:\Windows\SysWow64\atiumdva.dll
2013-12-06 21:58:10	6630232	----a-w-	C:\Windows\SysWow64\atiumdag.dll
2013-12-06 21:57:20	8927704	----a-w-	C:\Windows\System32\atiumd6a.dll
2013-12-06 21:56:54	7751920	----a-w-	C:\Windows\System32\atiumd64.dll
2013-12-06 21:52:14	13207552	----a-w-	C:\Windows\System32\drivers\atikmdag.sys
2013-12-06 21:38:52	230912	----a-w-	C:\Windows\System32\clinfo.exe
2013-12-06 21:38:34	99840	----a-w-	C:\Windows\System32\OpenVideo64.dll
2013-12-06 21:38:28	83968	----a-w-	C:\Windows\SysWow64\OpenVideo.dll
2013-12-06 21:38:22	86528	----a-w-	C:\Windows\System32\OVDecode64.dll
2013-12-06 21:38:18	73728	----a-w-	C:\Windows\SysWow64\OVDecode.dll
2013-12-06 21:37:58	29382144	----a-w-	C:\Windows\System32\amdocl64.dll
2013-12-06 21:35:36	24860160	----a-w-	C:\Windows\SysWow64\amdocl.dll
2013-12-06 21:33:28	63488	----a-w-	C:\Windows\System32\OpenCL.dll
2013-12-06 21:33:24	57344	----a-w-	C:\Windows\SysWow64\OpenCL.dll
2013-12-06 21:26:44	129536	----a-w-	C:\Windows\System32\coinst_13.251.dll
2013-12-06 21:16:40	26352128	----a-w-	C:\Windows\System32\atio6axx.dll
2013-12-06 21:13:02	368640	----a-w-	C:\Windows\System32\atiapfxx.exe
2013-12-06 21:12:52	62464	----a-w-	C:\Windows\System32\aticalrt64.dll
2013-12-06 21:12:50	52224	----a-w-	C:\Windows\SysWow64\aticalrt.dll
2013-12-06 21:12:42	55808	----a-w-	C:\Windows\System32\aticalcl64.dll
2013-12-06 21:12:40	49152	----a-w-	C:\Windows\SysWow64\aticalcl.dll
2013-12-06 21:12:26	15716352	----a-w-	C:\Windows\System32\aticaldd64.dll
2013-12-06 21:09:18	14302208	----a-w-	C:\Windows\SysWow64\aticaldd.dll
2013-12-06 20:58:50	22157824	----a-w-	C:\Windows\SysWow64\atioglxx.dll
2013-12-06 20:53:18	442368	----a-w-	C:\Windows\System32\atidemgy.dll
2013-12-06 20:53:10	31232	----a-w-	C:\Windows\System32\atimuixx.dll
2013-12-06 20:53:04	588288	----a-w-	C:\Windows\System32\atieclxx.exe
2013-12-06 20:52:10	239616	----a-w-	C:\Windows\System32\atiesrxx.exe
2013-12-06 20:50:36	190976	----a-w-	C:\Windows\System32\atitmm64.dll
2013-12-06 20:22:42	1144320	----a-w-	C:\Windows\System32\atiadlxx.dll
2013-12-06 20:22:28	825344	----a-w-	C:\Windows\SysWow64\atiadlxy.dll
2013-12-06 20:22:12	74752	----a-w-	C:\Windows\System32\atig6pxx.dll
2013-12-06 20:22:08	69632	----a-w-	C:\Windows\SysWow64\atiglpxx.dll
2013-12-06 20:22:08	69632	----a-w-	C:\Windows\System32\atiglpxx.dll
2013-12-06 20:22:04	100352	----a-w-	C:\Windows\System32\atig6txx.dll
2013-12-06 20:21:54	96768	----a-w-	C:\Windows\SysWow64\atigktxx.dll
2013-12-06 20:21:44	626176	----a-w-	C:\Windows\System32\drivers\atikmpag.sys
2013-12-06 20:18:12	43520	----a-w-	C:\Windows\System32\drivers\ati2erec.dll
2013-12-06 15:49:18	51200	----a-w-	C:\Windows\System32\kdbsdk64.dll
2013-12-06 15:44:26	38912	----a-w-	C:\Windows\SysWow64\kdbsdk32.dll
.
============= FINISH: 21:20:24,97 ===============
         
OTL Extras log:
Code:
OTL Extras logfile created on: 01.03.2014 01:22:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\X\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 45,49% Memory free
8,00 Gb Paging File | 5,78 Gb Available in Paging File | 72,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75,13 Gb Total Space | 35,90 Gb Free Space | 47,78% Space Free | Partition Type: NTFS
Drive D: | 390,53 Gb Total Space | 234,50 Gb Free Space | 60,05% Space Free | Partition Type: NTFS
 
Computer Name: PHANT0M | User Name: X | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [userfull] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant Benutzer:F /T /C /L (Microsoft Corporation)
Directory [usernormal] -- cmd.exe /c icacls "%1" /reset /T /C /L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [userfull] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant Benutzer:F /T /C /L (Microsoft Corporation)
Directory [usernormal] -- cmd.exe /c icacls "%1" /reset /T /C /L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2380258265-3006174749-279724184-1001]
"EnableNotifications" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{22589CDB-43F9-46A4-AB8E-62342FBD2BD8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{244F3F27-3CA9-447F-BF84-0859319C17ED}" = rport=445 | protocol=6 | dir=out | app=system | 
"{252F24A8-720C-4542-A856-F71F225CBE33}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{30923972-D3DD-4CD8-997D-10AECD4C8995}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{3137A27B-B8C4-4656-AC4A-738D050809F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{394A32F5-3EF3-4D05-A9F7-FCD7F8A72B34}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3E00A290-BDFC-44F0-855F-50802158238E}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3E2E22E3-D908-4573-A791-23B0BEE1A765}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4C1C775D-D6AE-421F-BCF3-13BCBC21E82A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4E29C420-1012-43F5-8DD2-432087A90B96}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{5515EA5B-9452-4D2A-9D81-0D31CBE50F41}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{63362645-4646-4175-9849-9147E7DB1D31}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7AB635D1-5572-473D-8D65-657819612BF5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8DA2B1A6-DD0C-4C5B-A76C-07722BFB115E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{9275D3B2-BBF1-4E14-8584-4EEFA456EE10}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9358E592-F922-44CA-AFA2-C162CDA2FA0F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{9895F397-20ED-4478-AF1B-65CDAECA28A5}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9A91FE8E-6DE9-4BCA-9C54-A60F37A5117A}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9F098454-E613-4EC5-8B73-CAF705D7C89C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A00A5567-C13D-4F97-ADF6-9B576BB8A536}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{A262220A-641E-4873-8BA2-A59D106722C8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A7F15C06-6B08-43EF-A361-44FDA2AC5418}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BC28E157-FBB0-4DBC-8CD8-E0E1F0EC31A1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{C083AE03-FF43-4001-ACC5-0B0D9C9C3329}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C0C8D591-C156-4FAD-9471-FDD15E5FFAE5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C2BC34E5-5721-48F4-A388-B3A931229265}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C556F3B9-1D52-4A45-9AD9-E4E4B9EFFCF0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D120F741-6411-4126-8552-0B5E831FF7CC}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D86CFD2B-7B6F-4080-9710-10BDAA52F56B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D879AB43-2C5B-460A-AB36-F736B7C237DC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DD4BF8F4-6E41-4CF1-8D3F-A1B1CA2945CF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{E6DA5CA5-4191-4778-8B94-766C87FDC20F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FA34106B-D343-4C93-8FFB-482167A72895}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01F05E2F-2E84-4F8E-877F-DCFACBAC7C8B}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{060E8A14-4001-4B14-8616-91B19BF282FB}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\call of duty ghosts\iw6sp64_ship.exe | 
"{1DCC2209-D020-44FF-8585-ACB9BCCB5C22}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\call of duty ghosts\iw6sp64_ship.exe | 
"{20E29D9F-BFF1-4F77-B07F-BD89E02F4800}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{226312D3-208F-4DE4-9A6B-E834E321ED63}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{273019AC-A8FD-4FA3-93B5-B2EB1F98B1A5}" = protocol=6 | dir=out | app=system | 
"{2739DE10-7A61-4ADE-BDB9-697FA822911B}" = protocol=17 | dir=in | app=d:\games\steam\steam.exe | 
"{2A6A24C2-1A1B-4BE4-8AD3-DA29E05D83C6}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"{2C39E25A-4CB4-4EAD-BFD4-390B2AAF1178}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{2FB62CEB-BF94-4EC3-AC0F-1B90EE39DEB8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{30919BBB-48FB-4EF1-8FE4-D5841D379C86}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink\common\ramediaserver.exe | 
"{33D5D3D5-77A2-484B-BE44-130B3F79716F}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{410AAB08-BC0C-4F40-86E1-99D22316D7B4}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{411C780B-5BBC-47FC-8344-C2B3F22ADA58}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{45EF0332-7D09-4C46-AE46-6A6666AF1E6F}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\counter-strike source\hl2.exe | 
"{466075E1-0C3A-48F3-9EB8-1134FD651DC1}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{4A056C85-404D-4AFB-BDCF-9C0462950C98}" = protocol=6 | dir=in | app=c:\program files (x86)\ralink\common\raui.exe | 
"{50EC73E9-B630-41B7-9B58-FAB808E390DA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{53BFD30E-66E0-4FCE-B707-3513803E166E}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink\common\raui.exe | 
"{568B8032-791F-42DA-BFBB-D5AC6B6AB961}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\call of duty ghosts\iw6mp64_ship.exe | 
"{59DBC66C-A419-476D-9E40-43C28F659CF3}" = protocol=17 | dir=in | app=c:\program files (x86)\ralink\common\ramediaserver.exe | 
"{5B501CE9-8A6F-4CFF-BD1E-3BE7E42F1ED6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{5DABB23C-D318-402D-B605-38C84E574F09}" = protocol=6 | dir=in | app=c:\users\x\appdata\roaming\spotify\spotify.exe | 
"{5DFC0804-BE62-4C12-811E-83B49D2399BF}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{615EA2BC-ADBE-47FD-9C88-28B0EBF9E0D7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{62009EDA-45FF-44BB-A71C-0EA6368ECC21}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{6F186419-5287-445D-8519-C688F1A9B934}" = protocol=17 | dir=in | app=c:\users\x\appdata\roaming\spotify\spotify.exe | 
"{6FFB7548-DA1D-4BD9-B9EF-8BE54224EB10}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7128F278-B309-4714-B11C-0733B17ABF72}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{73615B15-459D-4701-9A15-EC70C515B6DA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8251FC3D-41FF-4C9B-99FD-0D5BBFBA6D0F}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{8D941B83-AB29-4CAC-830A-1D8771E5D30B}" = protocol=17 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | 
"{911AEE91-BB76-48B4-91F0-63284AB42C0A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{924594C2-802A-43B5-B8FF-35CA9860FDD2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9534B479-4B02-4D9D-8F4E-90C012469EDB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2045\agent.exe | 
"{A1712FD2-83D0-457F-ACB5-53CB75A64758}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\call of duty ghosts\iw6mp64_ship.exe | 
"{A626BF13-B7F8-4652-8CAC-AE36D6F297F2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD56B84C-A575-4C44-A7A3-9FC818A985D8}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{B5EE9967-9C0D-4193-8655-E3789CACACE4}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{B6E43CF2-9ADB-4AAF-AA64-FD6B012BE52A}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{B7F61863-08DD-47A8-8BA0-AD2ED2DD5873}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\counter-strike source\hl2.exe | 
"{B8E9A117-F47E-4554-AC18-7544BB45BBEB}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BA3A2F26-DD51-46C7-AF8A-6A49EF3CBFE6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{BC7360EF-3073-425B-BAAC-E28157710208}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{C5CD6F21-1997-4924-AAE8-7BFCA1B0E7D5}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\call of duty ghosts\iw6sp64_ship.exe | 
"{C8101DB0-5605-4F1C-8796-13E933D9089F}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{CD3CFFDB-3E2D-46CE-82DC-9783913995C2}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{D97F8C43-480B-449C-8175-D9903A26AD93}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{E0FF7866-A349-42D1-BBC9-30D8E5671EFB}" = protocol=6 | dir=in | app=d:\games\steam\steam.exe | 
"{E1110FEC-0B77-4EB7-A37E-5241623E5FED}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminator.exe | 
"{E4F08DFA-0752-41E7-A8DF-61042D073562}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E59EC62A-9C83-40E8-8187-8D9C05DA3715}" = protocol=6 | dir=in | app=d:\games\steam\steamapps\common\call of duty ghosts\iw6sp64_ship.exe | 
"{E5B81766-FD86-4300-81A3-2445E4310984}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{EF47C24C-EA17-4EF5-8374-ED5E3AEB18BD}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{F84249AD-388D-4D8D-9293-538DA07E5056}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\call of duty ghosts\iw6mp64_ship.exe | 
"{FCB8A2EF-663B-48CC-BF43-9AA19FAD25F0}" = protocol=17 | dir=in | app=d:\games\steam\steamapps\common\call of duty ghosts\iw6mp64_ship.exe | 
"{FF7A6D1D-F118-4CDC-BD9D-4E60DD41E95C}" = protocol=6 | dir=in | app=c:\program files (x86)\spyware terminator\spywareterminatorupdate.exe | 
"TCP Query User{7459C6D1-5F4E-4CB1-8DA2-A2A1FE78C83B}D:\games\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=d:\games\counter-strike 1.6\hl.exe | 
"UDP Query User{1540AB7D-E513-4699-BB2D-60957C3EEEC2}D:\games\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=d:\games\counter-strike 1.6\hl.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{308051DA-0048-7A07-FE8B-9B6EC119A9E8}" = AMD Catalyst Install Manager
"{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1" = MotioninJoy Gamepad tool 0.7.1001
"{44AAA767-F540-F091-4571-ADCBC10B0C92}" = AMD Fuel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DF39B3F-E4C4-9FAF-229B-863F12AB405C}" = AMD Drag and Drop Transcoding
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AEF57B06-B494-8180-AFC7-05EFB1DB2B64}" = ccc-utility64
"{BD1BCEF8-5CD6-D8ED-7D36-31C2172076EA}" = AMD Media Foundation Decoders
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D386FE62-CD8D-C8E0-DCA7-ED5FCAB476A5}" = AMD Wireless Display v3.0
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{ED273D26-E354-1A5B-A0D0-CB5258D43BD2}" = AMD Wireless Display v3.0
"{FCC4426F-0296-D30D-729C-E76C8E7252C7}" = AMD Accelerated Video Transcoding
"CCleaner" = CCleaner
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.5.0
"NVIDIA Drivers" = NVIDIA Drivers
"VLC media player" = VLC media player 2.0.7
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03D562B5-C4E2-4846-A920-33178788BE00}" = Windows Live Communications Platform
"{046B79EE-7ED3-37A4-621A-FE297EF484C2}" = CCC Help Greek
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0A5B39D2-7ED6-4779-BCC9-37F381139DB3}" = Adobe AIR
"{0F929651-F516-4956-90F2-FFBD2CD5D30E}" = Photo Gallery
"{0FD66C6F-4023-4C74-AF8E-9B8B2053868E}" = Fotogalerie
"{0FF9CC94-EF23-401E-BDBD-37403D1A2B38}" = Windows Live SOXE Definitions
"{10CB5DDD-38E1-2EB2-F62C-C1948A99943E}" = AMD Catalyst Control Center
"{1194740D-0DB8-A508-31BA-E722597B4516}" = Catalyst Control Center Graphics Previews Common
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1FB16E3B-3AFB-46CB-6E83-2F5A0CF4ED16}" = Catalyst Control Center Localization All
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{23B93929-FAD4-40E5-96C6-0E977BB87204}" = Windows Live Essentials
"{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
"{26A24AE4-039D-4CA4-87B4-2F83217025FF}" = Java 7 Update 25
"{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}" = Ralink RT2870 Wireless LAN Card
"{2E3A81FB-7952-F8CB-9AD5-50544E2F4838}" = CCC Help Czech
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}" = TL-WN721N/TL-WN722N Driver
"{3D6AD258-61EA-35F5-812C-B7A02152996E}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4172E797-CE12-AC47-05B7-0E48BDB33E75}" = CCC Help Russian
"{4428AEE6-FA5E-2913-8D12-B410E85E11AA}" = CCC Help Spanish
"{45898170-E68C-4F02-AA35-C2186BF347A3}" = Movie Maker
"{49DC9658-D26A-4AAB-A83A-2655B8033056}" = Photo Common
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FF1533E-FF2C-A04A-25DD-A8AEC6FA106B}" = CCC Help Chinese Standard
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{56736259-613E-4A3B-B428-6235F2E76F44}_is1" = Spyware Terminator 2012
"{5A0EE0F0-E909-4F3B-B437-AAD9252427CB}" = Windows Live Installer
"{6066D3FE-3692-4449-A3C8-D1EAA2C0E9E7}" = Movie Maker
"{6071CB80-DABC-B10D-F244-7F410FB3B150}" = CCC Help Polish
"{63059735-CA97-FDFB-0E7A-3B8D81572EFD}" = Application Profiles
"{6343B6BA-F97F-B336-9ED8-FFD43776E84D}" = CCC Help Finnish
"{6B6923B9-8719-425B-916C-CD2908F31AAF}" = Windows Live SOXE
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1" = GPU Temp version 1.0
"{8D3A11D0-D925-FA0F-43F3-242E49975CD2}" = CCC Help Danish
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EF39A9F-6A57-9706-86A5-9312D9ED8016}" = CCC Help Portuguese
"{918F769E-02E8-44EC-8373-4888B23B2492}" = ROCCAT Pyra Mouse Driver
"{92352C97-C657-DB89-5F3A-E8C3789D9C89}" = CCC Help Chinese Traditional
"{95545E55-3309-1929-FF41-2908A9706742}" = CCC Help Turkish
"{95716cce-fc71-413f-8ad5-56c2892d4b3a}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA5F712-9CAA-B3CB-02D3-7134DFC8801E}" = CCC Help French
"{A128A816-FD3F-990E-DD80-E1735BD718AE}" = CCC Help Italian
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AFC9ECA9-6A4E-1370-98F3-002B63B5AF8E}" = CCC Help Thai
"{B28DBCBA-60F8-40ED-B35B-F510C327946C}" = OpenOffice 4.0.0
"{B88F2045-CF9A-996C-1670-6F7D65F1D18A}" = CCC Help Norwegian
"{BC30E5E7-047D-4232-A7E8-F2CB7CC7B2E0}_is1" = Emsisoft Anti-Malware
"{BED96D0C-7743-3CE3-F7DF-A0A4475FBF2F}" = CCC Help Hungarian
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2013 Free
"{C6B0EE9E-2128-4448-B7AE-5E2B46E0F0E7}" = Windows Live Photo Common
"{CB79256B-C0E0-40C6-8EB7-BDD796203581}" = Catalyst Control Center - Branding
"{CCC7C18E-1BEA-409F-B7A9-6C9740B99119}" = Windows Live UX Platform Language Pack
"{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}" = Curse
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E297492A-E114-CAE0-502E-5F36C386DD30}" = CCC Help Dutch
"{E3445598-4424-4EE2-B71C-C23325F7FB71}" = Windows Live PIMT Platform
"{E6533A85-ED92-F897-2B68-58AC3BD87F94}" = CCC Help English
"{E7D4E834-93EB-351F-B8FB-82CDAE623003}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610
"{EBAC163A-588E-1E5A-3CE8-826E9A449244}" = CCC Help Korean
"{ED65BD75-CEF3-C0C2-9E9C-FA567484FF60}" = CCC Help Japanese
"{EEB34D84-92A1-7BE3-6DB7-ABD1C4912D6B}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E58739-2B4C-498F-9B0D-FF0F2FD52B61}" = Windows Live UX Platform
"{F1289D68-1C48-930F-51CF-577BDB371252}" = CCC Help Swedish
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3F340A5-64EC-AEEC-4BDF-DC537D390BF5}" = CCC Help German
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Battle.net" = Battle.net
"DAEMON Tools Lite" = DAEMON Tools Lite
"Google Chrome" = Google Chrome
"ImgBurn" = ImgBurn
"Mozilla Firefox 27.0.1 (x86 de)" = Mozilla Firefox 27.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"PhotoScape" = PhotoScape
"RocketDock_is1" = RocketDock 1.3.5
"Steam App 240" = Counter-Strike: Source
"Steam App 550" = Left 4 Dead 2
"Steam App 730" = Counter-Strike: Global Offensive
"WinLiveSuite" = Windows Live Essentials
"Wise Registry Cleaner_is1" = Wise Registry Cleaner 7.94
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Spotify" = Spotify
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.02.2014 09:00:38 | Computer Name = Phant0m | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.02.2014 08:33:51 | Computer Name = Phant0m | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.02.2014 07:14:05 | Computer Name = Phant0m | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.02.2014 19:00:34 | Computer Name = Phant0m | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.02.2014 19:08:13 | Computer Name = Phant0m | Source = .NET Runtime | ID = 1026
Description = Application: LolClient.exe Framework Version: v4.0.30319 Description:
 The process was terminated due to an unhandled exception. Exception Info: exception
 code c0000005, exception address 59ADDD76 
 
Error - 28.02.2014 19:08:14 | Computer Name = Phant0m | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LolClient.exe, Version: 0.0.0.0, 
Zeitstempel: 0x515663e0  Name des fehlerhaften Moduls: Adobe AIR.dll, Version: 3.7.0.1530,
 Zeitstempel: 0x5156646c  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0006dd76  ID des fehlerhaften
 Prozesses: 0xd74  Startzeit der fehlerhaften Anwendung: 0x01cf34d937a34bf0  Pfad der
 fehlerhaften Anwendung: D:\Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.74\deploy\LolClient.exe
Pfad
 des fehlerhaften Moduls: D:\Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.74\deploy\Adobe
 AIR\Versions\1.0\Adobe AIR.dll  Berichtskennung: 332e2990-a0cd-11e3-8ddd-00241d699e74
 
Error - 28.02.2014 19:39:06 | Computer Name = Phant0m | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SDTray.exe, Version: 2.1.21.129, 
Zeitstempel: 0x51f0ed9e  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0x0eedfade  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x11f0  Startzeit der fehlerhaften Anwendung: 0x01cf34de432647c0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 83050480-a0d1-11e3-8ddd-00241d699e74
 
Error - 28.02.2014 19:39:17 | Computer Name = Phant0m | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SDTray.exe, Version: 2.1.21.129, 
Zeitstempel: 0x51f0ed9e  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0x0eedfade  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0xb74  Startzeit der fehlerhaften Anwendung: 0x01cf34de4b97b010  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: 89575d60-a0d1-11e3-8ddd-00241d699e74
 
Error - 28.02.2014 19:40:56 | Computer Name = Phant0m | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SDTray.exe, Version: 2.1.21.129, 
Zeitstempel: 0x51f0ed9e  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0x0eedfade  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x12e8  Startzeit der fehlerhaften Anwendung: 0x01cf34de865f99b0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: c446f340-a0d1-11e3-8ddd-00241d699e74
 
Error - 28.02.2014 19:41:02 | Computer Name = Phant0m | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SDWelcome.exe, Version: 2.2.21.129,
 Zeitstempel: 0x51dd1105  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18015,
 Zeitstempel: 0x50b83c8a  Ausnahmecode: 0x0eedfade  Fehleroffset: 0x0000c41f  ID des fehlerhaften
 Prozesses: 0x670  Startzeit der fehlerhaften Anwendung: 0x01cf34de8a27ec50  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\syswow64\KERNELBASE.dll  Berichtskennung: c7e7e7c0-a0d1-11e3-8ddd-00241d699e74
 
[ System Events ]
Error - 26.01.2014 14:52:36 | Computer Name = Phant0m | Source = Service Control Manager | ID = 7001
Description = Der Dienst "PnP-X-IP-Busenumerator" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.01.2014 14:52:36 | Computer Name = Phant0m | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Media Center Extender-Dienst" ist vom Dienst "Funktionssuchanbieter-Host"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.01.2014 14:52:36 | Computer Name = Phant0m | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 26.01.2014 14:52:49 | Computer Name = Phant0m | Source = DCOM | ID = 10005
Description = 
 
Error - 26.01.2014 15:05:30 | Computer Name = Phant0m | Source = DCOM | ID = 10010
Description = 
 
Error - 27.01.2014 16:28:46 | Computer Name = Phant0m | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?27.?01.?2014 um 21:26:53 unerwartet heruntergefahren.
 
Error - 28.01.2014 07:50:46 | Computer Name = Phant0m | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?28.?01.?2014 um 12:41:46 unerwartet heruntergefahren.
 
Error - 29.01.2014 06:56:07 | Computer Name = Phant0m | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 04.02.2014 13:34:16 | Computer Name = Phant0m | Source = Microsoft-Windows-HAL | ID = 12
Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von 
der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte
 Firmware verfügbar ist.
 
Error - 04.02.2014 14:07:20 | Computer Name = Phant0m | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Superfetch" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 60000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >
         


05.03.2014, 19:02   #6
Phant0m
 



OTL:
Code:
OTL logfile created on: 01.03.2014 01:22:22 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\X\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16660)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,82 Gb Available Physical Memory | 45,49% Memory free
8,00 Gb Paging File | 5,78 Gb Available in Paging File | 72,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 75,13 Gb Total Space | 35,90 Gb Free Space | 47,78% Space Free | Partition Type: NTFS
Drive D: | 390,53 Gb Total Space | 234,50 Gb Free Space | 60,05% Space Free | Partition Type: NTFS
 
Computer Name: PHANT0M | User Name: X | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2014.03.01 01:20:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\X\Desktop\OTL.exe
PRC - [2014.03.01 00:01:25 | 004,781,832 | ---- | M] (Curse, Inc) -- C:\Users\X\AppData\Roaming\Curse Client\Bin\Curse.exe
PRC - [2014.02.21 08:26:16 | 001,863,560 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
PRC - [2014.02.16 19:14:27 | 001,171,968 | ---- | M] (Spotify Ltd) -- C:\Users\X\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2014.02.16 18:01:13 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2013.05.11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.03 03:05:58 | 002,777,736 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2010.09.07 09:26:10 | 000,532,480 | ---- | M] (ROCCAT) -- C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2014.02.22 13:46:20 | 000,343,040 | ---- | M] () -- C:\Users\X\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll
MOD - [2014.02.21 08:26:16 | 016,265,096 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll
MOD - [2014.02.16 18:01:13 | 003,578,992 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2014.01.15 15:57:52 | 000,171,520 | ---- | M] () -- C:\Users\X\AppData\Roaming\Curse Client\Bin\EasyHook32.dll
MOD - [2013.12.13 07:12:44 | 000,307,712 | ---- | M] () -- C:\Users\X\AppData\Roaming\Curse Client\Bin\opus.dll
MOD - [2013.09.24 17:51:10 | 002,957,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\425664125234f98c109b88e368c06a47\System.IdentityModel.ni.dll
MOD - [2013.09.24 17:51:07 | 000,523,776 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\a51e3af81b07c1f99eb457c59e36709a\System.Net.Http.ni.dll
MOD - [2013.09.24 17:51:06 | 019,524,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\8425ade88238e0ff4275482c440cf770\System.ServiceModel.ni.dll
MOD - [2013.09.24 17:50:44 | 000,397,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\2d87130821f30d2d9e6dc2ea6fad545f\System.Xml.Linq.ni.dll
MOD - [2013.09.24 17:50:08 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\df646a0b29f3c1507f8f1ba18b1008ee\PresentationFramework-SystemXml.ni.dll
MOD - [2013.09.24 17:50:08 | 000,013,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio4b37ff64#\5aee59ae2e9334a39da3c4a3622b0446\PresentationFramework-SystemXmlLinq.ni.dll
MOD - [2013.09.24 17:50:07 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\f724ee38d18d3ee802ed4eee03ea5ebc\PresentationFramework-SystemData.ni.dll
MOD - [2013.09.24 14:51:40 | 018,524,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\cba0deda4a4dc3351b60ef5847331a57\PresentationFramework.ni.dll
MOD - [2013.09.24 14:51:25 | 013,319,168 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\605f8c525edc9f0a50deff5c0fb44feb\System.Web.ni.dll
MOD - [2013.09.24 14:51:23 | 010,914,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\642dbe544bf2def0f54cbccbd3732744\PresentationCore.ni.dll
MOD - [2013.09.24 14:51:18 | 000,641,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\1d8e92865dceef10bd1624e3355963a6\System.Transactions.ni.dll
MOD - [2013.09.24 14:51:17 | 001,870,848 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a9d0b7d28ba499f0cdad60cdcbc28945\System.Xaml.ni.dll
MOD - [2013.09.24 14:51:17 | 000,239,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Comp46f2b404#\1667f6582c16a103b4bc7c76cfd93271\System.ComponentModel.DataAnnotations.ni.dll
MOD - [2013.09.24 14:51:14 | 007,248,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\663e5f9b02779aee04abd14fa4f3da4e\System.Data.ni.dll
MOD - [2013.09.24 14:51:14 | 003,905,024 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\5ad58a64251c19ef5bf00bbed67da6ea\WindowsBase.ni.dll
MOD - [2013.09.24 14:51:14 | 000,786,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\dd59e1b9b7fc83b22fa0086b13a59e53\System.Runtime.Remoting.ni.dll
MOD - [2013.09.24 14:51:11 | 000,462,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\221ec7edb0ebd1961ed8f4bf9a2e9797\PresentationFramework.Aero.ni.dll
MOD - [2013.09.24 14:51:10 | 012,692,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\cf69692e15561d1b3b29fa0925ebb2d6\System.Windows.Forms.ni.dll
MOD - [2013.09.24 14:51:07 | 000,985,088 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Compba577418#\62bc618c9f3bb9c97654da9d5c03bb74\System.ComponentModel.Composition.ni.dll
MOD - [2013.09.24 14:51:06 | 007,559,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\dfbb3911667f61a331d0a4fe2ea4c977\System.Xml.ni.dll
MOD - [2013.09.24 14:51:06 | 006,995,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\7380d35c99a7df2904bdb3412b1964ec\System.Core.ni.dll
MOD - [2013.09.24 14:51:05 | 000,802,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\bec16b4a17ccde41796279d03ffa4fe7\System.ServiceModel.Internals.ni.dll
MOD - [2013.09.24 14:51:05 | 000,121,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\8b1a5ba2e581c45c5c478d5813cd44a8\SMDiagnostics.ni.dll
MOD - [2013.09.24 14:51:04 | 002,785,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\d1d4bd2cd0772079c6b99c122d196299\System.Runtime.Serialization.ni.dll
MOD - [2013.09.24 14:51:01 | 001,630,720 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\7f4d08ffa8a1733a95b807e39fc4930f\System.Drawing.ni.dll
MOD - [2013.09.24 14:50:59 | 000,958,464 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\58525c5d513b1f8b2f9237eb8834fa21\System.Configuration.ni.dll
MOD - [2013.09.24 14:50:58 | 009,927,680 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a1fa328a03c2febf8295cd3d7d1025c1\System.ni.dll
MOD - [2013.09.02 21:13:25 | 000,189,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\fedb1433422296012c8ce48902458bf1\UIAutomationTypes.ni.dll
MOD - [2013.09.02 21:13:24 | 000,100,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\b6d5fa75e3cc493fa9d509124d5962ba\UIAutomationProvider.ni.dll
MOD - [2013.09.02 19:46:46 | 000,145,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\1346fe7d35b70702029e422970db1201\System.Numerics.ni.dll
MOD - [2013.09.02 19:46:45 | 016,501,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\51e2934144ba15628ba5a31be2dae7dc\mscorlib.ni.dll
MOD - [2009.10.31 06:13:52 | 000,061,440 | ---- | M] () -- C:\Program Files (x86)\ROCCAT\Pyra Mouse\hiddriver.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.12.06 21:52:10 | 000,239,616 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2013.12.06 16:06:06 | 000,344,064 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2014.02.21 08:26:16 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.02.16 18:01:13 | 000,118,896 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.01.31 18:01:30 | 010,820,032 | ---- | M] (SurfRight B.V.) [Auto | Stopped] -- C:\USERS\X\APPDATA\LOCAL\TEMP\RAR$EX71.392\HITMANPRO_X64.EXE -- (HitmanPro37CrusaderBoot)
SRV - [2013.12.11 20:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.11.22 12:36:18 | 000,105,448 | ---- | M] (Razer Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe -- (RzKLService)
SRV - [2013.06.26 11:08:04 | 000,452,912 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaRegistry64.exe -- (RalinkRegistryWriter64)
SRV - [2013.06.26 11:07:18 | 000,391,472 | ---- | M] (Ralink Technology, Corp.) [Disabled | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaRegistry.exe -- (RalinkRegistryWriter)
SRV - [2013.05.11 11:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.03 03:06:12 | 001,149,104 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2012.07.17 14:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.07.09 00:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2012.07.06 18:20:54 | 001,863,680 | ---- | M] (Ralink) [Disabled | Stopped] -- C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe -- (RaMediaServer)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2014.03.01 00:07:32 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2013.12.06 22:52:14 | 013,207,552 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.12.06 21:21:44 | 000,626,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.09.24 15:53:50 | 000,094,208 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.09.06 20:43:08 | 002,273,072 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2013.08.09 21:22:51 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.03.15 16:00:06 | 000,633,680 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Uim_IMx64.sys -- (Uim_IM)
DRV:64bit: - [2013.03.15 16:00:06 | 000,390,352 | ---- | M] (Paragon) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uim_vimx64.sys -- (Uim_VIM)
DRV:64bit: - [2013.03.15 16:00:06 | 000,090,960 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\uimx64.sys -- (UimBus)
DRV:64bit: - [2012.06.05 06:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012.05.12 12:31:00 | 000,121,416 | ---- | M] (MotioninJoy) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MijXfilt.sys -- (MotioninJoyXFilter)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.07 19:42:28 | 000,074,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2011.04.20 02:07:48 | 001,930,240 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athurx.sys -- (athur)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:24:43 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:48 | 000,117,248 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tsusbhub.sys -- (tsusbhub)
DRV:64bit: - [2010.11.21 04:23:48 | 000,088,960 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Synth3dVsc.sys -- (Synth3dVsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:48 | 000,034,816 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.03.04 11:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.09.19 23:05:02 | 000,059,648 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2.0)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 8C D1 26 D9 95 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.5.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:27.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: D:\Programme\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.8: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2013.09.02 19:17:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Extensions
[2014.02.26 20:17:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\9aws0x8x.default\extensions
[2013.12.11 00:36:24 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\X\AppData\Roaming\mozilla\Firefox\Profiles\9aws0x8x.default\extensions\ich@maltegoetz.de
[2014.02.26 20:17:23 | 000,957,290 | ---- | M] () (No name found) -- C:\Users\X\AppData\Roaming\mozilla\firefox\profiles\9aws0x8x.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2014.02.16 18:01:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\browser\extensions
[2014.02.16 18:01:13 | 000,000,000 | ---D | M] (Default) -- C:\Program Files (x86)\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: 
CHR - plugin: Erster Nutzer (Disabled) = C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: AdBlock = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.6_0\
CHR - Extension: avast! Online Security = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki\8.0.8_0\
CHR - Extension: Arcane Legends = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido\1.0.2.2_0\
CHR - Extension: Chrome In-App Payments service = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.4.10_0\
CHR - Extension: ScriptSafe = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf\1.0.6.16_0\
CHR - Extension: Google Mail = C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2014.02.22 07:48:10 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - {32099AAC-C132-4136-9E9A-4E364A424E17} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [ROCCAT Pyra Mouse] C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.EXE (ROCCAT)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\X\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - Startup: C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk = C:\Users\X\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetOpenWith = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 10.25.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A6A388E7-5283-499D-B51C-921B8A671935}: DhcpNameServer = 62.109.121.2 62.109.121.1
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.03.01 01:20:54 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\X\Desktop\OTL.exe
[2014.03.01 00:43:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
[2014.03.01 00:43:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2014.03.01 00:43:00 | 000,000,000 | ---D | C] -- C:\Users\X\Documents\Anti-Malware
[2014.03.01 00:40:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2014.03.01 00:33:04 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014.03.01 00:11:53 | 102,927,640 | ---- | C] (Microsoft Corporation) -- C:\Users\X\Desktop\msert.exe
[2014.03.01 00:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2014.03.01 00:09:13 | 040,658,208 | ---- | C] (Safer-Networking Ltd.                                       ) -- C:\Users\X\Desktop\spybot-2.2.25.exe
[2014.03.01 00:07:32 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2014.03.01 00:07:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2014.03.01 00:06:51 | 005,049,344 | ---- | C] (Crawler.com                                                 ) -- C:\Users\X\Desktop\SpywareTerminatorSetup_3.0.0.82.exe
[2014.03.01 00:05:31 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERSetup
[2014.02.27 18:20:34 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\Curse Advertising
[2014.02.27 18:20:12 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\Curse Client
[2014.02.27 18:19:57 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\Curse
[2014.02.22 07:54:47 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2014.02.22 07:52:33 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2014.02.21 15:42:00 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2014.02.21 15:42:00 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2014.02.21 15:42:00 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2014.02.21 15:41:54 | 000,000,000 | -H-D | C] -- C:\Qoobox
[2014.02.21 15:41:41 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2014.02.17 22:32:33 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\Malwarebytes
[2014.02.16 18:01:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2014.02.13 00:41:12 | 000,000,000 | ---D | C] -- C:\Users\X\AppData\Roaming\TeamViewer
 
========== Files - Modified Within 30 Days ==========
 
[2014.03.01 01:26:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.03.01 01:20:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\X\Desktop\OTL.exe
[2014.03.01 01:15:04 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.03.01 00:41:53 | 000,000,085 | ---- | M] () -- C:\Windows\wininit.ini
[2014.03.01 00:33:04 | 000,115,600 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2014.03.01 00:33:04 | 000,093,378 | ---- | M] () -- C:\Windows\SysNative\bootdelete.lst
[2014.03.01 00:33:04 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\SysNative\bootdelete.exe
[2014.03.01 00:19:10 | 102,927,640 | ---- | M] (Microsoft Corporation) -- C:\Users\X\Desktop\msert.exe
[2014.03.01 00:10:27 | 040,658,208 | ---- | M] (Safer-Networking Ltd.                                       ) -- C:\Users\X\Desktop\spybot-2.2.25.exe
[2014.03.01 00:07:32 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2014.03.01 00:07:31 | 000,001,042 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2014.03.01 00:07:12 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.03.01 00:07:12 | 000,021,248 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.03.01 00:07:02 | 005,049,344 | ---- | M] (Crawler.com                                                 ) -- C:\Users\X\Desktop\SpywareTerminatorSetup_3.0.0.82.exe
[2014.02.28 23:59:33 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.02.28 23:58:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.02.28 23:58:49 | 3220,873,216 | -HS- | M] () -- C:\hiberfil.sys
[2014.02.27 18:20:43 | 000,001,008 | ---- | M] () -- C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
[2014.02.27 18:20:43 | 000,000,998 | ---- | M] () -- C:\Users\X\Desktop\Curse.lnk
[2014.02.27 14:05:39 | 000,190,306 | ---- | M] () -- C:\Users\X\Desktop\lcs.xps
[2014.02.26 14:45:54 | 000,090,327 | ---- | M] () -- C:\Users\X\Desktop\yeay.jpg
[2014.02.23 18:09:28 | 000,036,594 | ---- | M] () -- C:\Users\X\Desktop\1800487_3832086498895_312349564_n.jpg
[2014.02.22 18:24:56 | 000,106,260 | ---- | M] () -- C:\Users\X\Desktop\923458_301194626694689_346448997_n.jpg
[2014.02.22 07:48:10 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2014.02.21 08:26:16 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.02.21 08:26:16 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.02.20 14:37:08 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\sfc
[2014.02.19 01:07:24 | 003,836,290 | ---- | M] () -- C:\Users\X\Desktop\LET IT GO - Special Edition in 25 Sprachen - DIE EISKÖNIGIN - Frozen - Disney.mp3
[2014.02.18 01:00:40 | 000,045,280 | ---- | M] () -- C:\Users\X\Desktop\1526674_289115094569309_13208725_n.jpg
[2014.02.16 19:14:28 | 000,001,784 | ---- | M] () -- C:\Users\X\Desktop\Spotify.lnk
[2014.02.13 00:04:51 | 000,121,879 | ---- | M] () -- C:\Users\X\Desktop\Identformular.pdf
 
========== Files Created - No Company Name ==========
 
[2014.03.01 00:41:45 | 000,000,085 | ---- | C] () -- C:\Windows\wininit.ini
[2014.03.01 00:33:04 | 000,115,600 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2014.03.01 00:31:25 | 000,093,378 | ---- | C] () -- C:\Windows\SysNative\bootdelete.lst
[2014.03.01 00:07:31 | 000,001,042 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2014.02.27 18:20:13 | 000,001,008 | ---- | C] () -- C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
[2014.02.27 18:20:13 | 000,000,998 | ---- | C] () -- C:\Users\X\Desktop\Curse.lnk
[2014.02.27 18:20:13 | 000,000,984 | ---- | C] () -- C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
[2014.02.27 14:05:36 | 000,190,306 | ---- | C] () -- C:\Users\X\Desktop\lcs.xps
[2014.02.26 14:45:36 | 000,090,327 | ---- | C] () -- C:\Users\X\Desktop\yeay.jpg
[2014.02.23 18:09:28 | 000,036,594 | ---- | C] () -- C:\Users\X\Desktop\1800487_3832086498895_312349564_n.jpg
[2014.02.22 18:24:56 | 000,106,260 | ---- | C] () -- C:\Users\X\Desktop\923458_301194626694689_346448997_n.jpg
[2014.02.21 15:42:00 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2014.02.21 15:42:00 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2014.02.21 15:42:00 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2014.02.21 15:42:00 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2014.02.21 15:42:00 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2014.02.20 14:37:08 | 000,000,000 | ---- | C] () -- C:\Windows\SysNative\sfc
[2014.02.19 01:07:19 | 003,836,290 | ---- | C] () -- C:\Users\X\Desktop\LET IT GO - Special Edition in 25 Sprachen - DIE EISKÖNIGIN - Frozen - Disney.mp3
[2014.02.18 01:00:40 | 000,045,280 | ---- | C] () -- C:\Users\X\Desktop\1526674_289115094569309_13208725_n.jpg
[2014.02.13 00:04:51 | 000,121,879 | ---- | C] () -- C:\Users\X\Desktop\Identformular.pdf
[2014.02.08 20:10:25 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.01.02 14:02:34 | 000,000,000 | -H-- | C] () -- C:\ProgramData\DP45977C.lfl
[2014.01.02 13:41:30 | 000,080,316 | ---- | C] () -- C:\Windows\SysWow64\drivers\FW_7610.bin
[2014.01.02 13:41:30 | 000,046,692 | ---- | C] () -- C:\Windows\SysWow64\drivers\FW_7601.bin
[2014.01.02 13:41:29 | 000,013,973 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2014.01.02 13:41:29 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\FW_2870.bin
[2014.01.02 13:41:29 | 000,004,096 | ---- | C] () -- C:\Windows\SysWow64\drivers\FW_3573.bin
[2014.01.02 13:41:19 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2014.01.02 13:41:18 | 000,792,416 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2013.12.06 16:44:26 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013.11.05 19:39:44 | 000,000,000 | -HS- | C] () -- C:\Users\X\AppData\Local\LumaEmu
[2013.08.30 00:17:00 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2013.08.10 20:06:55 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.08.09 21:21:50 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.08.09 21:19:31 | 001,602,716 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.03.29 03:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.03.29 03:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.03.29 02:38:08 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.03.29 02:38:08 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 06:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 05:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\SysWow64\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Hijackthis:
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 01:37:08, on 01.03.2014
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v10.0 (10.00.9200.16660)
Boot mode: Normal

Running processes:
C:\Program Files (x86)\RocketDock\RocketDock.exe
C:\Users\X\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.exe
C:\Users\X\AppData\Roaming\Curse Client\Bin\Curse.exe
C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_70.exe
C:\Users\X\AppData\Local\Temp\OCS\Downloads\fc14996dfa99adfc7baae624196888c5\7b4e384f5b096b9656fee276ba88bb81\HiJackThis204.exe
C:\Windows\SysWOW64\DllHost.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName = 
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
O2 - BHO: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
O4 - HKLM\..\Run: [ROCCAT Pyra Mouse] "C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.EXE"
O4 - HKLM\..\Run: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe" MSRun
O4 - HKCU\..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe"
O4 - HKCU\..\Run: [Spotify Web Helper] "C:\Users\X\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
O4 - HKUS\S-1-5-18\..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe -autorun (User 'Default user')
O4 - Startup: Curse.lnk = X\AppData\Roaming\Curse Client\Bin\Curse.exe
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O10 - Unknown file in Winsock LSP: c:\program files (x86)\common files\microsoft shared\windows live\wlidnsp.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Adobe Flash Player Update Service (AdobeFlashPlayerUpdateSvc) - Adobe Systems Incorporated - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\Windows\System32\alg.exe (file missing)
O23 - Service: AMD External Events Utility - Unknown owner - C:\Windows\system32\atiesrxx.exe (file missing)
O23 - Service: AMD FUEL Service - Advanced Micro Devices, Inc. - C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\Windows\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\Windows\system32\fxssvc.exe (file missing)
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: HitmanPro 3.7 Crusader (Boot) (HitmanPro37CrusaderBoot) - SurfRight B.V. - C:\USERS\X\APPDATA\LOCAL\TEMP\RAR$EX71.392\HITMANPRO_X64.EXE
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: Mozilla Maintenance Service (MozillaMaintenance) - Mozilla Foundation - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\Windows\System32\msdtc.exe (file missing)
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\psbase.dll,-300 (ProtectedStorage) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\Windows\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\Windows\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\Windows\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\Windows\system32\sppsvc.exe (file missing)
O23 - Service: Spyware Terminator 2012 Realtime Shield Service (ST2012_Svc) - Crawler.com - C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe
O23 - Service: Steam Client Service - Valve Corporation - C:\Program Files (x86)\Common Files\Steam\SteamService.exe
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\Windows\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\Windows\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\Windows\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\Windows\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\Windows\system32\wbengine.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\Windows\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)

--
End of file - 7323 bytes
         
FRST:

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 13-02-2014 01
Ran by X (administrator) on PHANT0M on 14-02-2014 20:31:20
Running from C:\Users\X\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() D:\Games\League of Legends\RADS\system\rads_user_kernel.exe
() D:\Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.199\deploy\LoLLauncher.exe
() D:\Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.71\deploy\LolClient.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_12_0_0_44.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [ROCCAT Pyra Mouse] - C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.EXE [532480 2010-09-07] (ROCCAT)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\.DEFAULT\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\.DEFAULT\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1637580094-1292609826-1814546496-1001\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1637580094-1292609826-1814546496-1001\...\Run: [Spotify Web Helper] - "C:\Users\X\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"
HKU\S-1-5-21-1637580094-1292609826-1814546496-1001\...\Policies\Explorer: [NoInternetOpenWith] 1

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x008CD126D995CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
SearchScopes: HKLM - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Toolbar: HKLM - No Name - {32099AAC-C132-4136-9E9A-4E364A424E17} -  No File
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 62.109.121.1 62.109.121.2

FireFox:
========
FF ProfilePath: C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\9aws0x8x.default
FF user.js: detected! => C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\9aws0x8x.default\user.js
FF NewTab: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_170.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.7 - D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_44.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\9aws0x8x.default\Extensions\ich@maltegoetz.de [2013-12-11]
FF Extension: Adblock Plus - C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\9aws0x8x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-02]

Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "hxxp://google.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-10]
CHR Extension: (Google Drive) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-10]
CHR Extension: (YouTube) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-10]
CHR Extension: (Google-Suche) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-10]
CHR Extension: (AdBlock) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-10]
CHR Extension: (avast! Online Security) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-08-10]
CHR Extension: (Arcane Legends) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2013-08-10]
CHR Extension: (Chrome In-App Payments service) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (ScriptSafe) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2013-08-10]
CHR Extension: (Google Mail) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-10]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [418376 2013-04-04] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [701512 2013-04-04] (Malwarebytes Corporation)
S4 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink)
S4 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2013-08-09] (DT Soft Ltd)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25928 2013-04-04] (Malwarebytes Corporation)
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
U4 SR; 
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-02-14 20:31 - 2014-02-14 20:31 - 00012031 _____ () C:\Users\X\Desktop\FRST.txt
2014-02-14 20:31 - 2014-02-14 20:31 - 00000000 ____D () C:\FRST
2014-02-14 20:30 - 2014-02-14 20:30 - 02152960 _____ (Farbar) C:\Users\X\Desktop\FRST64.exe
2014-02-13 01:43 - 2014-02-13 01:50 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-13 01:43 - 2013-04-04 14:50 - 00025928 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mbam.sys
2014-02-13 00:41 - 2014-02-13 01:14 - 00000000 ____D () C:\Users\X\AppData\Roaming\TeamViewer
2014-02-09 23:15 - 2014-02-09 23:15 - 00000000 ____D () C:\Users\X\AppData\Roaming\Malwarebytes
2014-02-08 20:10 - 2014-02-14 20:28 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-08 20:10 - 2014-02-08 20:10 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-06 23:19 - 2014-02-06 23:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-01-30 23:31 - 2014-01-30 23:31 - 00000000 ____D () C:\output
2014-01-27 21:58 - 2014-02-06 21:20 - 00000000 ____D () C:\Users\X\AppData\Local\Spotify
2014-01-27 21:58 - 2014-01-27 21:58 - 00001784 _____ () C:\Users\X\Desktop\Spotify.lnk
2014-01-27 21:58 - 2014-01-27 21:58 - 00001770 _____ () C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-01-27 21:56 - 2014-02-14 07:02 - 00000000 ____D () C:\Users\X\AppData\Roaming\Spotify
2014-01-27 21:28 - 2014-01-27 21:28 - 510796913 _____ () C:\Windows\MEMORY.DMP
2014-01-27 21:28 - 2014-01-27 21:28 - 00262144 _____ () C:\Windows\Minidump\012714-21964-01.dmp
2014-01-26 21:54 - 2014-01-26 21:54 - 00000000 ____D () C:\Users\X\AppData\Roaming\ASCOMP Software
2014-01-26 20:30 - 2014-01-26 20:30 - 00000000 ____D () C:\ProgramData\launcher
2014-01-26 20:30 - 2014-01-26 20:30 - 00000000 ____D () C:\ProgramData\explauncher
2014-01-26 20:30 - 2014-01-26 20:30 - 00000000 ____D () C:\ProgramData\backup
2014-01-26 20:25 - 2014-01-26 20:25 - 00002413 _____ () C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2013 Free.lnk
2014-01-26 20:24 - 2014-01-26 20:24 - 00000000 ____D () C:\Program Files (x86)\Paragon Software
2014-01-26 20:17 - 2014-01-26 20:17 - 00000693 _____ () C:\Users\X\Desktop\Facebook memes.lnk
2014-01-26 19:24 - 2014-01-26 19:24 - 00000000 ____D () C:\Users\X\Documents\Simply Super Software
2014-01-26 19:24 - 2014-01-26 19:24 - 00000000 ____D () C:\Users\X\AppData\Roaming\Simply Super Software
2014-01-26 19:23 - 2014-01-26 20:01 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-01-26 19:23 - 2014-01-26 20:01 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-01-26 19:23 - 2014-01-26 19:23 - 00000000 ____D () C:\ProgramData\TrojanHunter
2014-01-26 19:23 - 2014-01-26 19:23 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-01-26 17:58 - 2014-01-26 18:02 - 00000000 ____D () C:\AdwCleaner
2014-01-26 17:43 - 2014-01-26 17:43 - 00000000 ____D () C:\Users\X\AppData\Roaming\Lavasoft
2014-01-26 17:43 - 2014-01-26 17:43 - 00000000 ____D () C:\Program Files\Lavasoft
2014-01-26 17:42 - 2014-01-26 17:42 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-01-26 17:40 - 2014-01-26 17:40 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-01-26 17:38 - 2014-01-26 20:01 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-01-26 17:38 - 2014-01-26 20:01 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-01-26 17:38 - 2014-01-26 17:38 - 00000000 ____D () C:\Users\X\AppData\Roaming\Spyware Terminator
2014-01-26 17:05 - 2014-01-26 20:01 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-26 17:05 - 2014-01-26 17:05 - 00000000 ____D () C:\Users\X\AppData\Roaming\SUPERAntiSpyware.com
2014-01-26 17:05 - 2014-01-26 17:05 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-01-26 16:31 - 2014-01-26 16:31 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-01-26 16:29 - 2014-01-26 20:01 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-26 16:29 - 2014-01-26 20:01 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-26 15:44 - 2014-01-26 20:01 - 00000000 ___HD () C:\NTKernel
2014-01-26 15:07 - 2014-01-26 15:07 - 00003184 _____ () C:\Windows\System32\Tasks\Windows Update Check - 0x090301DC
2014-01-26 15:06 - 2014-01-26 20:01 - 00000000 __SHD () C:\ProgramData\h65guhb
2014-01-26 15:06 - 2014-01-26 15:06 - 00000000 _RSHD () C:\Users\X\AppData\Roaming\Microsoft Fx
2014-01-24 07:04 - 2014-01-24 07:05 - 00312690 _____ () C:\Users\X\Documents\ts3_clientui-win64-1382530211-2014-01-24 07_04_58.675900.dmp

==================== One Month Modified Files and Folders =======

2014-02-14 20:31 - 2014-02-14 20:31 - 00012031 _____ () C:\Users\X\Desktop\FRST.txt
2014-02-14 20:31 - 2014-02-14 20:31 - 00000000 ____D () C:\FRST
2014-02-14 20:30 - 2014-02-14 20:30 - 02152960 _____ (Farbar) C:\Users\X\Desktop\FRST64.exe
2014-02-14 20:28 - 2014-02-08 20:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-14 20:26 - 2013-10-24 18:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-02-14 20:24 - 2009-07-14 05:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-02-14 20:24 - 2009-07-14 05:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-02-14 20:20 - 2013-08-09 19:06 - 01119397 _____ () C:\Windows\WindowsUpdate.log
2014-02-14 20:17 - 2014-01-08 21:00 - 00002567 _____ () C:\Windows\setupact.log
2014-02-14 20:17 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-02-14 07:38 - 2013-08-10 20:27 - 00000000 ____D () C:\Users\X\AppData\Roaming\TS3Client
2014-02-14 07:15 - 2013-08-10 15:52 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-02-14 07:02 - 2014-01-27 21:56 - 00000000 ____D () C:\Users\X\AppData\Roaming\Spotify
2014-02-13 21:25 - 2014-01-10 20:03 - 00000000 ____D () C:\Users\X\Desktop\Eminem - The Marshall Mathers LP 2 iM1
2014-02-13 01:50 - 2014-02-13 01:43 - 00000000 ____D () C:\Program Files (x86)\Malwarebytes' Anti-Malware
2014-02-13 01:14 - 2014-02-13 00:41 - 00000000 ____D () C:\Users\X\AppData\Roaming\TeamViewer
2014-02-09 23:15 - 2014-02-09 23:15 - 00000000 ____D () C:\Users\X\AppData\Roaming\Malwarebytes
2014-02-09 23:14 - 2014-01-08 21:21 - 00094312 _____ () C:\Windows\PFRO.log
2014-02-08 20:10 - 2014-02-08 20:10 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-08 20:10 - 2013-08-10 15:52 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-08 01:17 - 2013-09-02 19:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-06 23:19 - 2014-02-06 23:19 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-06 21:20 - 2014-01-27 21:58 - 00000000 ____D () C:\Users\X\AppData\Local\Spotify
2014-02-05 23:26 - 2013-10-24 18:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-05 23:26 - 2013-09-02 19:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-05 23:26 - 2013-09-02 19:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-05 22:34 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2014-01-30 23:31 - 2014-01-30 23:31 - 00000000 ____D () C:\output
2014-01-27 21:58 - 2014-01-27 21:58 - 00001784 _____ () C:\Users\X\Desktop\Spotify.lnk
2014-01-27 21:58 - 2014-01-27 21:58 - 00001770 _____ () C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-01-27 21:28 - 2014-01-27 21:28 - 510796913 _____ () C:\Windows\MEMORY.DMP
2014-01-27 21:28 - 2014-01-27 21:28 - 00262144 _____ () C:\Windows\Minidump\012714-21964-01.dmp
2014-01-27 21:28 - 2013-08-16 22:48 - 00000000 ____D () C:\Windows\Minidump
2014-01-26 22:19 - 2013-08-09 21:26 - 00000000 ___RD () C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-01-26 22:15 - 2014-01-02 13:53 - 00000000 ____D () C:\Windows\pss
2014-01-26 22:14 - 2013-12-04 15:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-01-26 22:08 - 2013-08-09 21:26 - 00092632 _____ () C:\Users\X\AppData\Local\GDIPFONTCACHEV1.DAT
2014-01-26 22:07 - 2009-07-14 05:45 - 00372016 _____ () C:\Windows\system32\FNTCACHE.DAT
2014-01-26 21:56 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\System
2014-01-26 21:54 - 2014-01-26 21:54 - 00000000 ____D () C:\Users\X\AppData\Roaming\ASCOMP Software
2014-01-26 21:53 - 2013-11-10 04:44 - 00000000 ____D () C:\ProgramData\Microsoft Help
2014-01-26 21:52 - 2009-07-14 04:20 - 00000000 ____D () C:\Program Files\Common Files\Microsoft Shared
2014-01-26 21:52 - 2009-07-14 03:34 - 00000387 _____ () C:\Windows\win.ini
2014-01-26 21:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\SysWOW64\oobe
2014-01-26 21:33 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\oobe
2014-01-26 20:30 - 2014-01-26 20:30 - 00000000 ____D () C:\ProgramData\launcher
2014-01-26 20:30 - 2014-01-26 20:30 - 00000000 ____D () C:\ProgramData\explauncher
2014-01-26 20:30 - 2014-01-26 20:30 - 00000000 ____D () C:\ProgramData\backup
2014-01-26 20:25 - 2014-01-26 20:25 - 00002413 _____ () C:\Users\Public\Desktop\Paragon Backup & Recovery™ 2013 Free.lnk
2014-01-26 20:24 - 2014-01-26 20:24 - 00000000 ____D () C:\Program Files (x86)\Paragon Software
2014-01-26 20:17 - 2014-01-26 20:17 - 00000693 _____ () C:\Users\X\Desktop\Facebook memes.lnk
2014-01-26 20:04 - 2013-08-09 21:26 - 00000000 ____D () C:\Users\X
2014-01-26 20:01 - 2014-01-26 19:23 - 00000000 ____D () C:\Program Files (x86)\TrojanHunter 5.5
2014-01-26 20:01 - 2014-01-26 19:23 - 00000000 ____D () C:\Program Files (x86)\Trojan Remover
2014-01-26 20:01 - 2014-01-26 17:38 - 00000000 ____D () C:\ProgramData\Spyware Terminator
2014-01-26 20:01 - 2014-01-26 17:38 - 00000000 ____D () C:\Program Files (x86)\Spyware Terminator
2014-01-26 20:01 - 2014-01-26 17:05 - 00000000 ____D () C:\Program Files\SUPERAntiSpyware
2014-01-26 20:01 - 2014-01-26 16:29 - 00000000 ____D () C:\ProgramData\Spybot - Search & Destroy
2014-01-26 20:01 - 2014-01-26 16:29 - 00000000 ____D () C:\Program Files (x86)\Spybot - Search & Destroy 2
2014-01-26 20:01 - 2014-01-26 15:44 - 00000000 ___HD () C:\NTKernel
2014-01-26 20:01 - 2014-01-26 15:06 - 00000000 __SHD () C:\ProgramData\h65guhb
2014-01-26 20:01 - 2014-01-08 19:51 - 00000000 ____D () C:\ProgramData\Razer
2014-01-26 20:01 - 2014-01-08 19:51 - 00000000 ____D () C:\Program Files (x86)\Razer
2014-01-26 20:01 - 2014-01-08 19:14 - 00000000 ____D () C:\Users\X\AppData\Roaming\newnext.me
2014-01-26 20:01 - 2014-01-08 19:14 - 00000000 ____D () C:\Users\X\AppData\Local\genienext
2014-01-26 20:01 - 2014-01-08 19:13 - 00000000 ____D () C:\Program Files (x86)\MyPC Backup
2014-01-26 20:01 - 2013-12-04 15:44 - 00000000 ____D () C:\Users\X\AppData\Roaming\Wise Registry Cleaner
2014-01-26 20:01 - 2013-12-04 15:35 - 00000000 ____D () C:\Users\X\AppData\Roaming\DesktopIconForAmazon
2014-01-26 20:01 - 2013-09-02 19:42 - 00000000 ____D () C:\Users\X\AppData\Roaming\PhotoScape
2014-01-26 20:01 - 2013-08-09 19:11 - 00000000 ____D () C:\Program Files (x86)\RocketDock
2014-01-26 20:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\system32\NDF
2014-01-26 20:01 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\registration
2014-01-26 19:58 - 2013-09-02 19:17 - 00000000 ____D () C:\Users\X\AppData\Local\Mozilla
2014-01-26 19:58 - 2009-07-14 04:20 - 00000000 ____D () C:\Windows\AppCompat
2014-01-26 19:57 - 2014-01-08 19:14 - 00000000 ____D () C:\Users\X\AppData\Local\Mobogenie
2014-01-26 19:57 - 2013-10-29 23:21 - 00000000 ____D () C:\ProgramData\Malwarebytes
2014-01-26 19:30 - 2010-11-21 07:50 - 00127494 _____ () C:\Windows\system32\perfc007.dat
2014-01-26 19:24 - 2014-01-26 19:24 - 00000000 ____D () C:\Users\X\Documents\Simply Super Software
2014-01-26 19:24 - 2014-01-26 19:24 - 00000000 ____D () C:\Users\X\AppData\Roaming\Simply Super Software
2014-01-26 19:23 - 2014-01-26 19:23 - 00000000 ____D () C:\ProgramData\TrojanHunter
2014-01-26 19:23 - 2014-01-26 19:23 - 00000000 ____D () C:\ProgramData\Simply Super Software
2014-01-26 18:17 - 2010-11-21 08:00 - 00000000 ___RD () C:\Users\Public\Recorded TV
2014-01-26 18:02 - 2014-01-26 17:58 - 00000000 ____D () C:\AdwCleaner
2014-01-26 17:43 - 2014-01-26 17:43 - 00000000 ____D () C:\Users\X\AppData\Roaming\Lavasoft
2014-01-26 17:43 - 2014-01-26 17:43 - 00000000 ____D () C:\Program Files\Lavasoft
2014-01-26 17:42 - 2014-01-26 17:42 - 00000000 ____D () C:\Program Files\Common Files\Lavasoft
2014-01-26 17:40 - 2014-01-26 17:40 - 00000000 ____D () C:\ProgramData\Lavasoft
2014-01-26 17:38 - 2014-01-26 17:38 - 00000000 ____D () C:\Users\X\AppData\Roaming\Spyware Terminator
2014-01-26 17:05 - 2014-01-26 17:05 - 00000000 ____D () C:\Users\X\AppData\Roaming\SUPERAntiSpyware.com
2014-01-26 17:05 - 2014-01-26 17:05 - 00000000 ____D () C:\ProgramData\SUPERAntiSpyware.com
2014-01-26 16:31 - 2014-01-26 16:31 - 00000000 ____D () C:\Windows\System32\Tasks\Safer-Networking
2014-01-26 15:07 - 2014-01-26 15:07 - 00003184 _____ () C:\Windows\System32\Tasks\Windows Update Check - 0x090301DC
2014-01-26 15:06 - 2014-01-26 15:06 - 00000000 _RSHD () C:\Users\X\AppData\Roaming\Microsoft Fx
2014-01-24 07:05 - 2014-01-24 07:04 - 00312690 _____ () C:\Users\X\Documents\ts3_clientui-win64-1382530211-2014-01-24 07_04_58.675900.dmp
2014-01-22 20:36 - 2014-01-08 19:52 - 00000000 ____D () C:\Users\X\AppData\Local\Razer
2014-01-15 19:55 - 2010-11-21 07:50 - 00702964 _____ () C:\Windows\system32\perfh007.dat
2014-01-15 19:55 - 2010-11-21 07:50 - 00150604 _____ () C:\Windows\system32\perfc007(25).dat
2014-01-15 19:55 - 2009-07-14 06:13 - 01629372 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-01-15 19:55 - 2009-07-14 03:36 - 00123008 _____ () C:\Windows\system32\perfc009(26).dat

Some content of TEMP:
====================
C:\Users\X\AppData\Local\Temp\BackupSetup.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-08 11:06

==================== End Of Log ============================
         
--- --- ---


And last but not least,
ESET Online Scanner:

Code:
C:\AdwCleaner\Quarantine\C\Users\X\AppData\Local\genienext\nengine.dll.vir	Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\X\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe.vir	a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\X\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe.vir	a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\X\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll.vir	Win32/NextLive.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\X\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe.vir	a variant of Win32/Mobogenie.A potentially unwanted application
C:\AdwCleaner\Quarantine\C\Users\X\AppData\Local\Temp\OCS\ocs_v71a.exe.vir	a variant of Win32/DownloadSponsor.A potentially unwanted application
C:\Users\X\AppData\Local\genienext\nengine.dll	Win32/NextLive.A potentially unwanted application
C:\Users\X\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\DaemonProcess.exe	a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\X\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\Mobogenie.exe	a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\X\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\nengine.dll	Win32/NextLive.A potentially unwanted application
C:\Users\X\AppData\Local\Mobogenie\Version\OldVersion\Mobogenie\New_UpdateMoboGenie.exe	a variant of Win32/Mobogenie.A potentially unwanted application
C:\Users\X\AppData\Roaming\newnext.me\nengine.dll	Win32/NextLive.A potentially unwanted application
         

06.03.2014, 18:37   #7
schrauber
/// the machine
/// TB trainer


Delete AdwCleaner.

Please download Malwarebytes Anti-Malware.
  • Install the program to the default path. (Illustrated guide to MBAM)
  • Start Malwarebytes' Anti-Malware (MBAM).
  • Then click Scan, select Threat Scan and click Start Scan.
  • At the end of the scan, have all findings (if any) moved to quarantine. To do so, click Remove Selected.
  • Let your computer restart if necessary to complete the cleanup.
  • Start MBAM, click History and then Application Logs.
  • Select the most recent scan log and click Export. Choose Text file (.txt) and save the file as mbam.txt on the desktop. You can find the MBAM log file here.
  • Add the contents of mbam.txt to your next reply.


Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart, a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).

Please close your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista (or later), please start it via right-click "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the log file (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


And a fresh FRST log, please.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

07.03.2014, 01:01   #8
Phant0m


Thanks for the reply. As described in the main post, Malwarebytes is one of the affected antivirus programs that I cannot install completely, or only partially (it worked before the virus, now it no longer does), with missing config files, which causes the program to crash as soon as I start the scan.

AdwCleaner (it has 3 txt files, no idea why)
R0
Code:
# AdwCleaner v3.020 - Bericht erstellt am 06/03/2014 um 21:14:34
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : X - PHANT0M
# Gestartet von : C:\Users\X\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\X\AppData\Roaming\Mozilla\FirefoX\Profiles\9aws0x8x.default\user.js
Datei Gefunden : C:\Windows\System32\roboot64.exe
Ordner Gefunden C:\Program Files (x86)\MyPC Backup
Ordner Gefunden C:\Users\X\AppData\Local\genienext
Ordner Gefunden C:\Users\X\AppData\Local\Temp\OCS
Ordner Gefunden C:\Users\X\AppData\Roaming\DesktopIconForAmazon
Ordner Gefunden C:\Users\X\AppData\Roaming\newnext.me
Ordner Gefunden C:\Windows\SysWOW64\AI_RecycleBin

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\caphyon
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\caphyon
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B1290521-AB01-40EB-B993-AD122BEFC9E2}
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\X\AppData\Roaming\Mozilla\FirefoX\Profiles\9aws0x8x.default\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ Datei : C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2018 octets] - [06/03/2014 21:14:34]

########## EOF - C:\AdwCleaner\AdwCleaner[R0].txt - [2078 octets] ##########
         
R1
Code:
# AdwCleaner v3.020 - Bericht erstellt am 06/03/2014 um 21:15:35
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : X - PHANT0M
# Gestartet von : C:\Users\X\Desktop\adwcleaner.exe
# Option : Suchen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Datei Gefunden : C:\Users\X\AppData\Roaming\Mozilla\FirefoX\Profiles\9aws0x8x.default\user.js
Datei Gefunden : C:\Windows\System32\roboot64.exe
Ordner Gefunden C:\Program Files (x86)\MyPC Backup
Ordner Gefunden C:\Users\X\AppData\Local\genienext
Ordner Gefunden C:\Users\X\AppData\Local\Temp\OCS
Ordner Gefunden C:\Users\X\AppData\Roaming\DesktopIconForAmazon
Ordner Gefunden C:\Users\X\AppData\Roaming\newnext.me
Ordner Gefunden C:\Windows\SysWOW64\AI_RecycleBin

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gefunden : HKCU\Software\caphyon
Schlüssel Gefunden : HKCU\Software\OCS
Schlüssel Gefunden : [x64] HKCU\Software\caphyon
Schlüssel Gefunden : [x64] HKCU\Software\OCS
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gefunden : [x64] HKLM\SOFTWARE\Classes\Interface\{B1290521-AB01-40EB-B993-AD122BEFC9E2}
Wert Gefunden : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\X\AppData\Roaming\Mozilla\FirefoX\Profiles\9aws0x8x.default\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ Datei : C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2174 octets] - [06/03/2014 21:14:34]
AdwCleaner[R1].txt - [2078 octets] - [06/03/2014 21:15:35]

########## EOF - C:\AdwCleaner\AdwCleaner[R1].txt - [2138 octets] ##########
         
S0
Code:
# AdwCleaner v3.020 - Bericht erstellt am 06/03/2014 um 21:16:07
# Aktualisiert 27/02/2014 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzername : X - PHANT0M
# Gestartet von : C:\Users\X\Desktop\adwcleaner.exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****

Ordner Gelöscht : C:\Program Files (x86)\MyPC Backup
Ordner Gelöscht : C:\Windows\SysWOW64\AI_RecycleBin
Ordner Gelöscht : C:\Users\X\AppData\Local\genienext
Ordner Gelöscht : C:\Users\X\AppData\Local\Temp\OCS
Ordner Gelöscht : C:\Users\X\AppData\Roaming\DesktopIconForAmazon
Ordner Gelöscht : C:\Users\X\AppData\Roaming\newnext.me
Datei Gelöscht : C:\Windows\System32\roboot64.exe
Datei Gelöscht : C:\Users\X\AppData\Roaming\Mozilla\FirefoX\Profiles\9aws0x8x.default\user.js

***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****

Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{0A18A436-2A7A-49F3-A488-30538A2F6323}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{007EFBDF-8A5D-4930-97CC-A4B437CBA777}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{1AA60054-57D9-4F99-9A55-D0FBFBE7ECD3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{4250488A-CB24-0893-C066-B1AEA57BCFF2}
Schlüssel Gelöscht : [x64] HKLM\SOFTWARE\Classes\Interface\{B1290521-AB01-40EB-B993-AD122BEFC9E2}
Wert Gelöscht : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Schlüssel Gelöscht : HKCU\Software\caphyon
Schlüssel Gelöscht : HKCU\Software\OCS

***** [ Browser ] *****

-\\ Internet Explorer v10.0.9200.16660


-\\ Mozilla Firefox v27.0.1 (de)

[ Datei : C:\Users\X\AppData\Roaming\Mozilla\FirefoX\Profiles\9aws0x8x.default\prefs.js ]


-\\ Google Chrome v33.0.1750.146

[ Datei : C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2174 octets] - [06/03/2014 21:14:34]
AdwCleaner[R1].txt - [2234 octets] - [06/03/2014 21:15:35]
AdwCleaner[S0].txt - [2063 octets] - [06/03/2014 21:16:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [2123 octets] ##########
         
JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.1.2 (02.20.2014:1)
OS: Windows 7 Ultimate x64
Ran by X on 06.03.2014 at 21:22:37,00
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\X\AppData\Roaming\mozilla\firefox\profiles\9aws0x8x.default\minidumps [141 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 06.03.2014 at 21:28:13,30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
FRST

FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 06-03-2014
Ran by X (administrator) on PHANT0M on 06-03-2014 21:30:29
Running from C:\Users\X\Desktop
Windows 7 Ultimate Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal



==================== Processes (Whitelisted) =================

(AMD) C:\Windows\system32\atiesrxx.exe
(AMD) C:\Windows\system32\atieclxx.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
() C:\Program Files (x86)\RocketDock\RocketDock.exe
(Spotify Ltd) C:\Users\X\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
(Curse, Inc) C:\Users\X\AppData\Roaming\Curse Client\Bin\Curse.exe
(ROCCAT) C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe


==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13657304 2013-10-18] (Realtek Semiconductor)
HKLM-x32\...\Run: [ROCCAT Pyra Mouse] - C:\Program Files (x86)\ROCCAT\Pyra Mouse\PyraMonitor.EXE [532480 2010-09-07] (ROCCAT)
HKLM-x32\...\Run: [StartCCC] - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-12-06] (Advanced Micro Devices, Inc.)
HKU\.DEFAULT\...\Run: [DAEMON Tools Lite] - C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe [1305408 2011-01-20] (DT Soft Ltd)
HKU\.DEFAULT\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\.DEFAULT\...\Policies\Explorer: [LinkResolveIgnoreLinkInfo] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoResolveSearch] 1
HKU\.DEFAULT\...\Policies\Explorer: [NoInternetOpenWith] 1
HKU\S-1-5-21-1637580094-1292609826-1814546496-1001\...\Run: [RocketDock] - C:\Program Files (x86)\RocketDock\RocketDock.exe [495616 2007-09-02] ()
HKU\S-1-5-21-1637580094-1292609826-1814546496-1001\...\Run: [Spotify Web Helper] - C:\Users\X\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1171968 2014-02-16] (Spotify Ltd)
HKU\S-1-5-21-1637580094-1292609826-1814546496-1001\...\Policies\Explorer: [NoInternetOpenWith] 1
Startup: C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Curse.lnk
ShortcutTarget: Curse.lnk -> C:\Users\X\AppData\Roaming\Curse Client\Bin\Curse.exe (Curse, Inc)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0x008CD126D995CE01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
StartMenuInternet: IEXPLORE.EXE - C:\Program Files (x86)\Internet Explorer\iexplore.exe
SearchScopes: HKLM - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKCU - {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 192.168.0.2

FireFox:
========
FF ProfilePath: C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\9aws0x8x.default
FF NewTab: about:home
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_70.dll ()
FF Plugin: @videolan.org/vlc,version=2.0.7 - D:\Programme\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_70.dll ()
FF Plugin-x32: @java.com/DTPlugin,version=10.25.2 - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.25.2 - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.8 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\yahoo-de.xml
FF Extension: ProxTube - Unblock YouTube - C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\9aws0x8x.default\Extensions\ich@maltegoetz.de [2013-12-11]
FF Extension: Adblock Plus - C:\Users\X\AppData\Roaming\Mozilla\Firefox\Profiles\9aws0x8x.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013-09-02]

Chrome: 
=======
CHR HomePage: 
CHR RestoreOnStartup: "hxxp://google.de/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\PepperFlash\pepflashplayer.dll No File
CHR Plugin: (Chrome Remote Desktop Viewer) - internal-remoting-viewer
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\ppGoogleNaClPluginChrome.dll No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\29.0.1547.62\pdf.dll No File
CHR Plugin: (Java Deployment Toolkit 6.0.240.7) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll (Sun Microsystems, Inc.)
CHR Plugin: (Java(TM) Platform SE 6 U24) - C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll No File
CHR Extension: (Google Docs) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2013-08-10]
CHR Extension: (Google Drive) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2013-08-10]
CHR Extension: (YouTube) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2013-08-10]
CHR Extension: (Google-Suche) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2013-08-10]
CHR Extension: (AdBlock) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2013-08-10]
CHR Extension: (avast! Online Security) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2013-08-10]
CHR Extension: (Arcane Legends) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\ibmlkgieigeddcedpbijnpojheoddido [2013-08-10]
CHR Extension: (Chrome In-App Payments service) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2013-08-21]
CHR Extension: (ScriptSafe) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiigbmnaadbkfbmpbfijlflahbdbdgdf [2013-08-10]
CHR Extension: (Google Mail) - C:\Users\X\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2013-08-10]

==================== Services (Whitelisted) =================

R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2013-12-06] (Advanced Micro Devices, Inc.)
S4 RaMediaServer; C:\Program Files (x86)\Ralink\Common\RaMediaServer.exe [1863680 2012-07-06] (Ralink)
S4 RzKLService; C:\Program Files (x86)\Razer\Razer Game Booster\RzKLService.exe [105448 2013-11-22] (Razer Inc.)

==================== Drivers (Whitelisted) ====================

R2 AODDriver4.2.0; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59648 2013-09-19] (Advanced Micro Devices)
R3 dtsoftbus01; C:\Windows\System32\DRIVERS\dtsoftbus01.sys [254528 2013-08-09] (DT Soft Ltd)
S3 hitmanpro37; C:\Windows\system32\drivers\hitmanpro37.sys [32512 2014-03-01] ()
R1 Serial; C:\Windows\System32\DRIVERS\serial.sys [94208 2009-07-14] (Brother Industries Ltd.)
R1 UimBus; C:\Windows\System32\DRIVERS\uimx64.sys [90960 2013-03-15] (Windows (R) 2000 DDK provider)
R1 Uim_IM; C:\Windows\System32\Drivers\Uim_IMx64.sys [633680 2013-03-15] (Paragon)
R1 Uim_VIM; C:\Windows\System32\Drivers\uim_vimx64.sys [390352 2013-03-15] (Paragon)
U4 SR; 
S3 VGPU; System32\drivers\rdvgkmd.sys [X]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-03-06 21:30 - 2014-03-06 21:31 - 00010914 _____ () C:\Users\X\Desktop\FRST.txt
2014-03-06 21:30 - 2014-03-06 21:30 - 00000000 ____D () C:\FRST
2014-03-06 21:28 - 2014-03-06 21:28 - 00000746 _____ () C:\Users\X\Desktop\JRT.txt
2014-03-06 21:22 - 2014-03-06 21:22 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 21:14 - 2014-03-06 21:16 - 00000000 ____D () C:\AdwCleaner
2014-03-06 20:26 - 2014-03-06 20:26 - 02156544 _____ (Farbar) C:\Users\X\Desktop\FRST64.exe
2014-03-06 20:25 - 2014-03-06 20:26 - 01037734 _____ (Thisisu) C:\Users\X\Desktop\JRT.exe
2014-03-06 20:25 - 2014-03-06 20:25 - 01244192 _____ () C:\Users\X\Desktop\adwcleaner.exe
2014-03-04 23:11 - 2014-03-06 20:27 - 00000386 _____ () C:\Users\X\Desktop\Curse Voice.txt
2014-03-01 01:55 - 2014-03-01 01:55 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-03-01 00:41 - 2014-03-01 00:41 - 00000085 _____ () C:\Windows\wininit.ini
2014-03-01 00:33 - 2014-03-01 00:33 - 00115600 _____ () C:\Windows\system32\.crusader
2014-03-01 00:09 - 2014-03-01 00:33 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-01 00:07 - 2014-03-01 00:07 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-03-01 00:05 - 2014-03-01 00:05 - 00000000 ____D () C:\ProgramData\SUPERSetup
2014-02-27 18:20 - 2014-03-02 02:40 - 00000000 ____D () C:\Users\X\AppData\Roaming\Curse Client
2014-02-27 18:20 - 2014-02-27 18:20 - 00000998 _____ () C:\Users\X\Desktop\Curse.lnk
2014-02-27 18:20 - 2014-02-27 18:20 - 00000984 _____ () C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-02-27 18:20 - 2014-02-27 18:20 - 00000000 ____D () C:\Users\X\AppData\Roaming\Curse Advertising
2014-02-27 18:19 - 2014-02-27 18:19 - 00000000 ____D () C:\Users\X\AppData\Roaming\Curse
2014-02-27 14:05 - 2014-02-27 14:05 - 00190306 _____ () C:\Users\X\Desktop\lcs.xps
2014-02-22 07:47 - 2014-03-01 01:54 - 00003378 _____ () C:\Windows\PFRO.log
2014-02-21 15:42 - 2011-06-26 07:45 - 00256000 _____ () C:\Windows\PEV.exe
2014-02-21 15:42 - 2010-11-07 18:20 - 00208896 _____ () C:\Windows\MBR.exe
2014-02-21 15:42 - 2009-04-20 05:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2014-02-21 15:42 - 2000-08-31 01:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2014-02-21 15:42 - 2000-08-31 01:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2014-02-21 15:42 - 2000-08-31 01:00 - 00098816 _____ () C:\Windows\sed.exe
2014-02-21 15:42 - 2000-08-31 01:00 - 00080412 _____ () C:\Windows\grep.exe
2014-02-21 15:42 - 2000-08-31 01:00 - 00068096 _____ () C:\Windows\zip.exe
2014-02-21 15:41 - 2014-02-22 07:52 - 00000000 ___HD () C:\Qoobox
2014-02-21 15:41 - 2014-02-22 07:51 - 00000000 ____D () C:\Windows\erdnt
2014-02-21 07:43 - 2014-03-06 21:18 - 00000952 _____ () C:\Windows\setupact.log
2014-02-21 07:43 - 2014-02-21 07:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 14:37 - 2014-02-20 14:37 - 00000000 _____ () C:\Windows\system32\sfc
2014-02-17 22:32 - 2014-02-17 22:32 - 00000000 ____D () C:\Users\X\AppData\Roaming\Malwarebytes
2014-02-16 18:01 - 2014-02-16 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 00:41 - 2014-02-13 01:14 - 00000000 ____D () C:\Users\X\AppData\Roaming\TeamViewer
2014-02-08 20:10 - 2014-03-06 21:21 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-02-08 20:10 - 2014-02-08 20:10 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore

==================== One Month Modified Files and Folders =======

2014-03-06 21:31 - 2014-03-06 21:30 - 00010914 _____ () C:\Users\X\Desktop\FRST.txt
2014-03-06 21:30 - 2014-03-06 21:30 - 00000000 ____D () C:\FRST
2014-03-06 21:28 - 2014-03-06 21:28 - 00000746 _____ () C:\Users\X\Desktop\JRT.txt
2014-03-06 21:26 - 2013-10-24 18:43 - 00000884 _____ () C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-03-06 21:25 - 2009-07-14 05:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-03-06 21:25 - 2009-07-14 05:45 - 00021248 ____H () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-03-06 21:22 - 2014-03-06 21:22 - 00000000 ____D () C:\Windows\ERUNT
2014-03-06 21:21 - 2014-02-08 20:10 - 00001106 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-03-06 21:21 - 2013-08-09 19:06 - 01246240 _____ () C:\Windows\WindowsUpdate.log
2014-03-06 21:18 - 2014-02-21 07:43 - 00000952 _____ () C:\Windows\setupact.log
2014-03-06 21:18 - 2009-07-14 06:08 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2014-03-06 21:16 - 2014-03-06 21:14 - 00000000 ____D () C:\AdwCleaner
2014-03-06 21:15 - 2013-08-10 15:52 - 00001100 _____ () C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-03-06 21:14 - 2014-01-27 21:56 - 00000000 ____D () C:\Users\X\AppData\Roaming\Spotify
2014-03-06 20:27 - 2014-03-04 23:11 - 00000386 _____ () C:\Users\X\Desktop\Curse Voice.txt
2014-03-06 20:26 - 2014-03-06 20:26 - 02156544 _____ (Farbar) C:\Users\X\Desktop\FRST64.exe
2014-03-06 20:26 - 2014-03-06 20:25 - 01037734 _____ (Thisisu) C:\Users\X\Desktop\JRT.exe
2014-03-06 20:25 - 2014-03-06 20:25 - 01244192 _____ () C:\Users\X\Desktop\adwcleaner.exe
2014-03-05 21:17 - 2013-08-10 20:27 - 00000000 ____D () C:\Users\X\AppData\Roaming\TS3Client
2014-03-04 23:11 - 2013-08-09 21:26 - 00000000 ____D () C:\Users\X
2014-03-04 12:43 - 2010-11-21 07:50 - 00702964 _____ () C:\Windows\system32\perfh007.dat
2014-03-04 12:43 - 2010-11-21 07:50 - 00127494 _____ () C:\Windows\system32\perfc007.dat
2014-03-04 12:43 - 2009-07-14 06:13 - 01593840 _____ () C:\Windows\system32\PerfStringBackup.INI
2014-03-03 16:18 - 2014-01-27 21:58 - 00000000 ____D () C:\Users\X\AppData\Local\Spotify
2014-03-02 02:40 - 2014-02-27 18:20 - 00000000 ____D () C:\Users\X\AppData\Roaming\Curse Client
2014-03-01 01:55 - 2014-03-01 01:55 - 00032512 _____ () C:\Windows\system32\Drivers\hitmanpro37.sys
2014-03-01 01:54 - 2014-02-22 07:47 - 00003378 _____ () C:\Windows\PFRO.log
2014-03-01 00:41 - 2014-03-01 00:41 - 00000085 _____ () C:\Windows\wininit.ini
2014-03-01 00:33 - 2014-03-01 00:33 - 00115600 _____ () C:\Windows\system32\.crusader
2014-03-01 00:33 - 2014-03-01 00:09 - 00000000 ____D () C:\ProgramData\HitmanPro
2014-03-01 00:07 - 2014-03-01 00:07 - 00051496 _____ (Windows (R) Win 7 DDK provider) C:\Windows\system32\Drivers\stflt.sys
2014-03-01 00:05 - 2014-03-01 00:05 - 00000000 ____D () C:\ProgramData\SUPERSetup
2014-02-27 18:20 - 2014-02-27 18:20 - 00000998 _____ () C:\Users\X\Desktop\Curse.lnk
2014-02-27 18:20 - 2014-02-27 18:20 - 00000984 _____ () C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Curse.lnk
2014-02-27 18:20 - 2014-02-27 18:20 - 00000000 ____D () C:\Users\X\AppData\Roaming\Curse Advertising
2014-02-27 18:20 - 2013-08-09 21:26 - 00000000 ___RD () C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2014-02-27 18:19 - 2014-02-27 18:19 - 00000000 ____D () C:\Users\X\AppData\Roaming\Curse
2014-02-27 14:05 - 2014-02-27 14:05 - 00190306 _____ () C:\Users\X\Desktop\lcs.xps
2014-02-22 08:04 - 2013-08-09 19:11 - 00000000 ____D () C:\Program Files (x86)\RocketDock
2014-02-22 07:52 - 2014-02-21 15:41 - 00000000 ___HD () C:\Qoobox
2014-02-22 07:51 - 2014-02-21 15:41 - 00000000 ____D () C:\Windows\erdnt
2014-02-22 07:48 - 2009-07-14 03:34 - 00000215 _____ () C:\Windows\system.ini
2014-02-21 08:26 - 2013-10-24 18:43 - 00003822 _____ () C:\Windows\System32\Tasks\Adobe Flash Player Updater
2014-02-21 08:26 - 2013-09-02 19:23 - 00692616 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2014-02-21 08:26 - 2013-09-02 19:23 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2014-02-21 07:43 - 2014-02-21 07:43 - 00000000 _____ () C:\Windows\setuperr.log
2014-02-20 16:35 - 2013-08-16 22:48 - 00000000 ____D () C:\Windows\Minidump
2014-02-20 16:34 - 2013-12-04 15:35 - 00000000 ____D () C:\Program Files\CCleaner
2014-02-20 14:37 - 2014-02-20 14:37 - 00000000 _____ () C:\Windows\system32\sfc
2014-02-17 22:32 - 2014-02-17 22:32 - 00000000 ____D () C:\Users\X\AppData\Roaming\Malwarebytes
2014-02-17 21:22 - 2013-09-02 19:17 - 00000000 ____D () C:\Program Files (x86)\Mozilla Maintenance Service
2014-02-16 19:14 - 2014-01-27 21:58 - 00001784 _____ () C:\Users\X\Desktop\Spotify.lnk
2014-02-16 19:14 - 2014-01-27 21:58 - 00001770 _____ () C:\Users\X\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2014-02-16 18:01 - 2014-02-16 18:01 - 00000000 ____D () C:\Program Files (x86)\Mozilla Firefox
2014-02-13 01:14 - 2014-02-13 00:41 - 00000000 ____D () C:\Users\X\AppData\Roaming\TeamViewer
2014-02-08 20:10 - 2014-02-08 20:10 - 00003854 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2014-02-08 20:10 - 2013-08-10 15:52 - 00004096 _____ () C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2014-02-05 22:34 - 2009-07-14 06:08 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT

Some content of TEMP:
====================
C:\Users\X\AppData\Local\Temp\Quarantine.exe


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit


LastRegBack: 2014-02-28 00:09

==================== End Of Log ============================
         
--- --- ---

and the Addition file from FRST
Code:
0Additional scan result of Farbar Recovery Scan Tool (x64) Version: 06-03-2014
Ran by X at 2014-03-06 21:31:16
Running from C:\Users\X\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.8.0.1280 - Adobe Systems Incorporated)
Adobe AIR (x32 Version: 3.8.0.1280 - Adobe Systems Incorporated) Hidden
Adobe Flash Player 12 Plugin (HKLM-x32\...\Adobe Flash Player Plugin) (Version: 12.0.0.70 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03) - Deutsch (HKLM-x32\...\{AC76BA86-7AD7-1031-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
AMD Accelerated Video Transcoding (Version: 13.20.100.31206 - Advanced Micro Devices, Inc.) Hidden
AMD Catalyst Control Center (x32 Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Catalyst Install Manager (HKLM\...\{308051DA-0048-7A07-FE8B-9B6EC119A9E8}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AMD Drag and Drop Transcoding (Version: 2.00.0000 - Advanced Micro Devices, Inc.) Hidden
AMD Fuel (Version: 2013.1206.1603.28764 - Ihr Firmenname) Hidden
AMD Media Foundation Decoders (Version: 1.0.81206.1620 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.10 - Advanced Micro Devices, Inc.) Hidden
AMD Wireless Display v3.0 (Version: 1.0.0.14 - Advanced Micro Devices, Inc.) Hidden
Application Profiles (HKLM-x32\...\{63059735-CA97-FDFB-0E7A-3B8D81572EFD}) (Version: 2.0.4888.34279 - Advanced Micro Devices, Inc.)
Battle.net (HKLM-x32\...\Battle.net) (Version:  - Blizzard Entertainment)
Catalyst Control Center - Branding (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Graphics Previews Common (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center InstallProxy (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Localization All (x32 Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Standard (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Chinese Traditional (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Czech (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Danish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Dutch (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help English (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Finnish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help French (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help German (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Greek (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Hungarian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Italian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Japanese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Korean (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Norwegian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Polish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Portuguese (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Russian (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Spanish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Swedish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Thai (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
CCC Help Turkish (x32 Version: 2013.1206.1602.28764 - Advanced Micro Devices, Inc.) Hidden
ccc-utility64 (Version: 2013.1206.1603.28764 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 4.10 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.2.4291 - CDBurnerXP)
Counter-Strike: Global Offensive (HKLM-x32\...\Steam App 730) (Version:  - Valve)
Counter-Strike: Source (HKLM-x32\...\Steam App 240) (Version:  - Valve)
Curse (HKLM-x32\...\{DEE70742-F4E9-44CA-B2B9-EE95DCF37295}) (Version: 6.0.0.0 - Curse)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DAEMON Tools Lite (HKLM-x32\...\DAEMON Tools Lite) (Version: 4.40.2.0131 - DT Soft Ltd)
eReg (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fotogalerie (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 33.0.1750.146 - Google Inc.)
Google Update Helper (x32 Version: 1.3.22.5 - Google Inc.) Hidden
GPU Temp version 1.0 (HKLM-x32\...\{8C8711FD-0FC8-4801-B33E-ED19BB0350B1}_is1) (Version: 1.0 - gputemp.com)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.5.0 - LIGHTNING UK!)
Java 7 Update 25 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217025FF}) (Version: 7.0.250 - Oracle)
Java Auto Updater (x32 Version: 2.1.9.5 - Sun Microsystems, Inc.) Hidden
Java(TM) 6 Update 24 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83216024FF}) (Version: 6.0.240 - Oracle)
K-Lite Codec Pack (64-bit) v4.5.0 (HKLM\...\KLiteCodecPack64_is1) (Version: 4.5.0 - )
Left 4 Dead 2 (HKLM-x32\...\Steam App 550) (Version:  - Valve)
Microsoft .NET Framework 4.5 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50709 - Microsoft Corporation)
Microsoft .NET Framework 4.5 (Version: 4.5.50709 - Microsoft Corporation) Hidden
Microsoft Application Error Reporting (Version: 12.0.6015.5000 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727 (Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610 (Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 (x32 Version: 11.0.50727 - Microsoft Corporation) Hidden
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.60610 (x32 Version: 11.0.60610 - Microsoft Corporation) Hidden
MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
Movie Maker (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Mozilla Firefox 27.0.1 (x86 de) (HKLM-x32\...\Mozilla Firefox 27.0.1 (x86 de)) (Version: 27.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 27.0.1 - Mozilla)
MSVCRT (x32 Version: 15.4.2862.0708 - Microsoft) Hidden
MSVCRT110 (x32 Version: 16.4.1108.0727 - Microsoft) Hidden
MSVCRT110_amd64 (Version: 16.4.1109.0912 - Microsoft) Hidden
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.57.35 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{B28DBCBA-60F8-40ED-B35B-F510C327946C}) (Version: 4.00.9702 - Apache Software Foundation)
Paragon Backup & Recovery™ 2013 Free (HKLM-x32\...\{C268B5E1-A5DA-11DF-A289-005056C00008}) (Version: 90.00.0003 - Paragon Software)
Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Photo Gallery (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
PhotoScape (HKLM-x32\...\PhotoScape) (Version:  - )
Ralink RT2870 Wireless LAN Card (HKLM-x32\...\{28DA7D8B-F9A4-4F18-8AA0-551B1E084D0D}) (Version: 1.5.31.0 - Ralink)
Realtek HDMI Audio Driver for ATI (HKLM-x32\...\{5449FB4F-1802-4D5B-A6D8-087DB1142147}) (Version: 6.0.1.6650 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7071 - Realtek Semiconductor Corp.)
ROCCAT Pyra Mouse Driver (HKLM-x32\...\{918F769E-02E8-44EC-8373-4888B23B2492}) (Version:  - Roccat GmbH)
RocketDock 1.3.5 (HKLM-x32\...\RocketDock_is1) (Version:  - Punk Software)
Spotify (HKCU\...\Spotify) (Version: 0.9.7.16.g4b197456 - Spotify AB)
Steam (HKLM-x32\...\{048298C9-A4D3-490B-9FF9-AB023A9238F3}) (Version: 1.0.0.0 - Valve Corporation)
TL-WN721N/TL-WN722N Driver (HKLM-x32\...\{38A1E3ED-D913-41D2-9953-A93D5ACE3ADF}) (Version: 1.0.0 - TP-LINK)
Update for Microsoft .NET Framework 4.5 (KB2805226) (HKLM-x32\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132}.KB2805226) (Version: 1 - Microsoft Corporation)
VLC media player 2.0.7 (HKLM\...\VLC media player) (Version: 2.0.7 - VideoLAN)
Windows Live Communications Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3508.0205 - Microsoft Corporation)
Windows Live Essentials (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live ID Sign-in Assistant (Version: 7.250.4311.0 - Microsoft Corporation) Hidden
Windows Live Installer (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live Photo Common (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live PIMT Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live SOXE Definitions (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
Windows Live UX Platform Language Pack (x32 Version: 16.4.3508.0205 - Microsoft Corporation) Hidden
WinRAR 4.00 (64-Bit) (HKLM\...\WinRAR archiver) (Version: 4.00.0 - win.rar GmbH)
Wise Registry Cleaner 7.94 (HKLM-x32\...\Wise Registry Cleaner_is1) (Version: 7.94 - WiseCleaner.com, Inc.)

==================== Restore Points  =========================

21-02-2014 14:42:03 ComboFix created restore point
01-03-2014 15:34:21 Geplanter Prüfpunkt

==================== Hosts content: ==========================

2009-07-14 03:34 - 2014-02-22 07:48 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost

==================== Scheduled Tasks (whitelisted) =============

Task: {03B8D0BD-2435-4308-8714-1ECEB9B736CC} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2014-02-21] (Adobe Systems Incorporated)
Task: {16A0C00C-8F9A-42C9-9902-BE42809843BB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2014-01-21] (Piriform Ltd)
Task: {58832227-D83B-438B-807F-5952C5AD4125} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10] (Google Inc.)
Task: {A1D60D55-A6B8-401B-BC05-2938E02DF2F2} - System32\Tasks\Microsoft\Windows Defender\MP Scheduled Scan => d:\program files\windows defender\MpCmdRun.exe
Task: {C12C6665-7821-4E3B-802F-8A2B1F816A03} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2013-08-10] (Google Inc.)
Task: {C4E8B14A-4159-4C58-BDAD-281DBBFC97E8} - System32\Tasks\Microsoft\Windows Defender\MpIdleTask => d:\program files\windows defender\MpCmdRun.exe
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (whitelisted) =============

2013-12-06 16:06 - 2013-12-06 16:06 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2013-08-09 19:11 - 2007-09-02 13:58 - 00495616 _____ () C:\Program Files (x86)\RocketDock\RocketDock.exe
2013-12-06 16:06 - 2013-12-06 16:06 - 00102400 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2013-08-09 19:11 - 2007-09-02 12:57 - 00069632 _____ () C:\Program Files (x86)\RocketDock\RocketDock.dll
2013-12-13 07:12 - 2013-12-13 07:12 - 00307712 _____ () C:\Users\X\AppData\Roaming\Curse Client\Bin\opus.dll
2014-02-22 13:46 - 2014-02-22 13:46 - 00343040 _____ () C:\Users\X\AppData\Roaming\Curse Client\Bin\WebRTC_CSharpWrapper.dll
2013-09-01 22:06 - 2009-10-31 06:13 - 00061440 _____ () C:\Program Files (x86)\ROCCAT\Pyra Mouse\hiddriver.dll

==================== Alternate Data Streams (whitelisted) =========


==================== Safe Mode (whitelisted) ===================


==================== Disabled items from MSCONFIG ==============

MSCONFIG\Services: BackupStack => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: LBTServ => 3
MSCONFIG\Services: RalinkRegistryWriter => 2
MSCONFIG\Services: RalinkRegistryWriter64 => 2
MSCONFIG\Services: RaMediaServer => 2
MSCONFIG\Services: RzKLService => 2
MSCONFIG\Services: SplashtopRemoteService => 2
MSCONFIG\Services: SSUService => 2
MSCONFIG\Services: Update outobox => 2
MSCONFIG\startupreg: Spotify => "C:\Users\X\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper => "C:\Users\X\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe"

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================

System errors:
=============

Microsoft Office Sessions:
=========================

CodeIntegrity Errors:
===================================
  Date: 2014-02-22 07:45:41.839
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.

  Date: 2014-02-22 07:45:41.792
  Description: Windows konnte die Abbildintegrität der Datei "\Device\HarddiskVolume3\ComboFix\catchme.sys" nicht überprüfen, weil der Dateihash nicht im System gefunden wurde. Möglicherweise wurde durch eine kürzlich durchgeführte Hardware- oder Softwareänderung eine falsch signierte oder beschädigte Datei oder eine Datei, bei der es sich um schädliche Software aus einer unbekannten Quelle handelt, installiert.


==================== Memory info =========================== 

Percentage of memory in use: 29%
Total physical RAM: 4095.55 MB
Available physical RAM: 2885.51 MB
Total Pagefile: 8189.29 MB
Available Pagefile: 6822.66 MB
Total Virtual: 8192 MB
Available Virtual: 8191.79 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:75.13 GB) (Free:37.78 GB) NTFS
Drive d: () (Fixed) (Total:390.53 GB) (Free:234.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 000B0D4E)

Partition: GPT Partition Type.

==================== End Of Log ============================
         
Best regards

07.03.2014, 18:15   #9
schrauber
/// the machine
/// TB trainer
 


Uninstall MBAM if it is still present.

Malwarebytes Anti-Malware Cleanup Tool Download
Run it.

Try installing MBAM again.
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!

07.03.2014, 22:22   #10
Phant0m
 

Done as described, but the same problem keeps appearing again and again.

08.03.2014, 19:13   #11
schrauber
/// the machine
/// TB trainer
 


A screenshot of the error message, please.

08.03.2014, 19:40   #12
Phant0m
 

I already included screenshots when creating the post, showing which Malwarebytes files are missing.

09.03.2014, 17:36   #13
schrauber
/// the machine
/// TB trainer
 


You uninstalled MBAM, ran the cleanup tool, and exactly these messages come up again?

Did you also download the MBAM installer afresh?

09.03.2014, 20:17   #14
Phant0m
 

Yep, downloaded everything completely fresh from the MBAM homepage, and still the same message every time.

10.03.2014, 16:03   #15
schrauber
/// the machine
/// TB trainer
 


OK, I'll have to do some research on that.


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.

And a fresh FRST log, please. Any problems remaining?